SUSE: 2024:1630-1 important: perl Security Advisory Updates
Summary
## This update for perl fixes the following issues: Security issues fixed: * CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) * CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) * CVE-2023-31484: Enabled TLS certificate verification in CPAN (bsc#1210999) * CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1630=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1630=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1630=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * perl-base-5.26.1-150000.7.18.1 * perl-debuginfo-5.26.1-150000.7.18.1 * perl-5.26.1-150000.7.18.1 * perl-base-debuginfo-5.26.1-150000.7.18.1 * perl-debugsource-5.26.1-150000.7.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * perl-doc-5.26.1-150000.7.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * perl-32bit-debuginfo-5.26.1-150000.7.18.1 * perl-base-32bit-5.26.1-150000.7.18.1 * perl-base-32bit-debuginfo-5.26.1-150000.7.18.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * perl-base-5.26.1-150000.7.18.1 * perl-debuginfo-5.26.1-150000.7.18.1 * perl-5.26.1-150000.7.18.1 * perl-base-debuginfo-5.26.1-150000.7.18.1 * perl-debugsource-5.26.1-150000.7.18.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * perl-doc-5.26.1-150000.7.18.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * perl-32bit-debuginfo-5.26.1-150000.7.18.1 * perl-base-32bit-5.26.1-150000.7.18.1 * perl-base-32bit-debuginfo-5.26.1-150000.7.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * perl-base-5.26.1-150000.7.18.1 * perl-debuginfo-5.26.1-150000.7.18.1 * perl-5.26.1-150000.7.18.1 * perl-base-debuginfo-5.26.1-150000.7.18.1 * perl-debugsource-5.26.1-150000.7.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * perl-doc-5.26.1-150000.7.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * perl-32bit-debuginfo-5.26.1-150000.7.18.1 * perl-base-32bit-5.26.1-150000.7.18.1 * perl-base-32bit-debuginfo-5.26.1-150000.7.18.1
References
* bsc#1047178
* bsc#1082216
* bsc#1082233
* bsc#1210999
Cross-
* CVE-2017-6512
* CVE-2018-6798
* CVE-2018-6913
* CVE-2023-31484
CVSS scores:
* CVE-2017-6512 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2017-6512 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2017-6512 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2018-6798 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2018-6913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-6913 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31484 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-31484 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
An update that solves four vulnerabilities can now be installed.
##
* https://www.suse.com/security/cve/CVE-2017-6512.html
* https://www.suse.com/security/cve/CVE-2018-6798.html
* https://www.suse.com/security/cve/CVE-2018-6913.html
* https://www.suse.com/security/cve/CVE-2023-31484.html
* https://bugzilla.suse.com/show_bug.cgi?id=1047178
* https://bugzilla.suse.com/show_bug.cgi?id=1082216
* https://bugzilla.suse.com/show_bug.cgi?id=1082233
* https://bugzilla.suse.com/show_bug.cgi?id=1210999
![Dist Suse](/images/distros/dist-suse.gif)