Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

Debian: DSA-4172-1 Moderate: Perl Heap Overflow and Info Disclosure

debian
Calendar Grey April 14, 2018
Debian Logo
Ubuntu patches fix flaws in Python that could lead to memory corruption and unexpected data leakage. Discover the details!
Multiple vulnerabilities were discovered in the implementation of the Perl programming language

Summary

CVE-2018-6797

Brian Carpenter reported that a crafted regular expression
could cause a heap buffer write overflow, with control over the
bytes written.

CVE-2018-6798

Nguyen Duc Manh reported that matching a crafted locale dependent
regular expression could cause a heap buffer read overflow and
potentially information disclosure.

CVE-2018-6913

GwanYeong Kim reported that 'pack()' could cause a heap buffer write
overflow with a large item count.

For the oldstable distribution (jessie), these problems have been fixed
in version 5.20.2-3+deb8u10. The oldstable distribution (jessie) update
contains only a fix for CVE-2018-6913.

For the stable distribution (stretch), these problems have been fixed in
version 5.24.1-3+deb9u3.

We recommend that you upgrade your perl packages.

For the detailed security status of perl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/perl

Further information about Debian Security Advisories, h...

Read the Full Advisory

Package: perl
CVE ID: CVE-2018-6797 CVE-2018-6798 CVE-2018-6913

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.