Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 LTS Security Advisory 4602-1 Critical: Perl Issues

ubuntu
Calendar Grey October 26, 2020
Dist Ubuntu Esm H88
Uncover insights regarding potential weaknesses in Perl for Ubuntu and learn effective strategies to fortify your system.
Several security issues were fixed in Perl.

Summary

Several security issues were fixed in Perl.

Software Description:

- perl: Practical Extraction and Report Language

Details:

ManhND discovered that Perl incorrectly handled certain regular

expressions. In environments where untrusted regular expressions are

evaluated, a remote attacker could possibly use this issue to cause Perl to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2020-10543)

Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly

handled certain regular expressions. In environments where untrusted

regular expressions are evaluated, a remote attacker could possibly use

this issue to cause Perl to crash, resulting in a denial of service, or

possibly execute arbitrary code. (CVE-2020-10878)

Sergey Aleynikov discovered that Perl incorrectly handled certain regular

expressions. In environments where untrusted regular expressions are

evaluated, a remote attacker could possibly use this issue to caus...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  perl                            5.30.0-9ubuntu0.2

Ubuntu 18.04 LTS:
  perl                            5.26.1-6ubuntu0.5

Ubuntu 16.04 LTS:
  perl                            5.22.1-9ubuntu0.9

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4602-1

CVE-2020-10543, CVE-2020-10878, CVE-2020-12723

Severity
critical
Lowest
Low
Medium
High
Critical

October 26, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here