Red Hat: RHSA-2018:1192-01 Moderate: rh-perl524-perl Heap Overflow
red hat
April 23, 2018
An update for rh-perl524-perl is now available for Red Hat Software Collections
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
Perl is a high-level programming language that is commonly used for system
administration utilities and web programming.
Security Fix(es):
* perl: heap write overflow in regcomp.c (CVE-2018-6797)
* perl: heap read overflow in regexec.c (CVE-2018-6798)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Perl 5 Porters for reporting these issues.
Upstream acknowledges Brian Carpenter as the original reporter of
CVE-2018-6797; and Nguyen Duc Manh as the original reporter of
CVE-2018-6798.
References
https://access.redhat.com/security/cve/CVE-2018-6797 https://access.redhat.com/security/cve/CVE-2018-6798 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-perl524-perl-5.24.0-380.el6.src.rpm
noarch:
rh-perl524-perl-Attribute-Handlers-0.99-380.el6.noarch.rpm
rh-perl524-perl-Devel-SelfStubber-1.05-380.el6.noarch.rpm
rh-perl524-perl-ExtUtils-Embed-1.33-380.el6.noarch.rpm
rh-perl524-perl-ExtUtils-Miniperl-1.05-380.el6.noarch.rpm
rh-perl524-perl-IO-Zlib-1.10-380.el6.noarch.rpm
rh-perl524-perl-Locale-Maketext-Simple-0.21-380.el6.noarch.rpm
rh-perl524-perl-Math-BigRat-0.2608.02-380.el6.noarch.rpm
rh-perl524-perl-Math-Complex-1.59-380.el6.noarch.rpm
rh-perl524-perl-Memoize-1.03-380.el6.noarch.rpm
rh-perl524-perl-Module-Loaded-0.08-380.el6.noarch.rpm
rh-perl524-perl-Net-Ping-2.43-380.el6.noarch.rpm
rh-perl524-perl-Pod-Html-1.22-380.el6.noarch.rpm
rh-perl524-perl-SelfLoader-1.23-380.el6.noarch.rpm
rh-perl524-perl-Test-1.28-380.el6.noarch.rpm
rh-perl524-perl-bignum-0.42-380.el6.noarch.rpm
rh-perl524-perl-libnetcfg-5.24.0-380.el6.noarch.rpm
rh-perl524-perl-open-1.10-380.el6.noarch.rpm
rh-perl524-perl-utils-5.24.0-380.el6.noarch.rpm
x86_64:
rh-perl524-perl-5.24.0-380.el6.x86_64.rpm
rh-perl524-perl-Devel-Peek-1.23-380.el6.x86_64.rpm
rh-perl524-perl-Errno-1.25-380.el6.x86_64.rpm
rh-perl524-perl-IO-1.36-380.el6.x86_64.rpm
Read the Full Advisory
PREVIOUS 
NEXT Advisory ID: RHSA-2018:1192-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1192
Issue date: 2018-04-23
Topic
An update for rh-perl524-perl is now available for Red Hat SoftwareCollections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Bugs Fixed
1547779 - CVE-2018-6798 perl: heap read overflow in regexec.c
1547783 - CVE-2018-6797 perl: heap write overflow in regcomp.c
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!