Univention Bugzilla – Bug 48239
perl: Multiple issues (4.3)
Last modified: 2018-12-05 14:39:29 CET
New Debian perl 5.24.1-3+deb9u5 fixes:

This update addresses the following issues:
* Integer overflow leading to buffer overflow (CVE-2018-18311)
* Heap-buffer-overflow write / reg_node overrun (CVE-2018-18312)
* Heap-buffer-overflow read in regcomp.c (CVE-2018-18313)
* Heap-based buffer overflow (CVE-2018-18314)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/perl_5.24.1-3+deb9u4.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/perl_5.24.1-3+deb9u5.dsc @@ -1,3 +1,13 @@ +5.24.1-3+deb9u5 [Thu, 29 Nov 2018 11:11:57 +0000] Dominic Hargreaves <dom@earth.li>: + + * [SECURITY] CVE-2018-18311: Integer overflow leading to buffer + overflow and segmentation fault + * [SECURITY] CVE-2018-18312: Heap-buffer-overflow write in S_regatom + (regcomp.c) + * [SECURITY] CVE-2018-18313: Heap-buffer-overflow read in regcomp.c + * [SECURITY] CVE-2018-18314: Heap-based buffer overflow in extended + character classes + 5.24.1-3+deb9u4 [Sun, 10 Jun 2018 18:37:28 +0100] Dominic Hargreaves <dom@earth.li>: * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability <http://10.200.17.11/4.3-2/#5732944496848445580>
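Review bot: the new 5.24.1-3+deb9u5 changelog entry for CVE-2018-18311 names neither the affected function nor the source file, and the CVE-2018-18314 entry gives only "extended character classes", while the CVE-2018-18312 entry pins the fix to S_regatom (regcomp.c). Naming the location the same way for all four would let a reader map each entry to its patch. The hunk (@@ -1,3 +1,13 @@) covers only the changelog text of the .dsc comparison, so the fixes themselves still need to be checked against the patches in the source package.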
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-2] 5bf91b5ef2 Bug #48239: perl 5.24.1-3+deb9u5
 doc/errata/staging/perl.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<http://errata.software-univention.de/ucs/4.3/363.html>