SUSE: 2020:1682-1 Important: Perl Heap Overflow and Integer Issues

June 19, 2020
SUSE Security Patch for Perl addresses several vulnerabilities such as buffer and stack overflows. Refer to the advisory for further information.
An update that solves three vulnerabilities and has one errata is now available.

Summary

This update for perl fixes the following issues:

- CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863).
- CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864).
- CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866).
- Fixed a bad warning in features.ph (bsc#1172348).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1171863 #1171864 #1171866 #1172348

Cross-References: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2

SUSE Linux Enterprise Module for Development Tools 15-SP2

SUSE Linux Enterprise Module for Development Tools 15-SP1

SUSE Linux Enterprise Module for Basesystem 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP1

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2020-10543.html

https://www.suse.com/security/cve/CVE-2020-10878.html

https://www.suse.com/security/cve/CVE-2020-12723.html

https://bugzilla.suse.com/1171863

Severity
important

Announcement ID: SUSE-SU-2020:1682-1
Rating: important
