UbuntuUpdates.org

Package "perl"

Name: perl

Description:

Larry Wall's Practical Extraction and Report Language

Latest version: 5.26.1-6ubuntu0.3
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://dev.perl.org/perl5/

Links

Save this URL for the latest version of "perl": https://www.ubuntuupdates.org/perl


Download "perl"


Other versions of "perl" in Bionic

Repository Area Version
base main 5.26.1-6
updates main 5.26.1-6ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.26.1-6ubuntu0.3 2018-12-03 19:06:17 UTC

  perl (5.26.1-6ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
    - debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
    - CVE-2018-18312
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
      pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
      t/lib/warnings/regcomp, t/re/reg_mesg.t, t/re/regex_sets.t.
    - CVE-2018-18314

 -- Marc Deslauriers <email address hidden> Mon, 19 Nov 2018 10:54:44 -0500

Source diff to previous version
CVE-2018-18311 Integer overflow leading to buffer overflow and segmentation fault
CVE-2018-18312 Heap-buffer-overflow write in S_regatom (regcomp.c)
CVE-2018-18313 Heap-buffer-overflow read in regcomp.c
CVE-2018-18314 Heap-based buffer overflow

Version: 5.26.1-6ubuntu0.1 2018-06-13 18:06:59 UTC

  perl (5.26.1-6ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix ing
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 16:32:02 -0300

CVE-2018-12015 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary



About   -   Send Feedback to @ubuntu_updates