UbuntuUpdates.org

Package "perl-base"

Name: perl-base

Description:

minimal Perl system

Latest version: 5.18.2-2ubuntu1.7
Release: trusty (14.04)
Level: security
Repository: main
Head package: perl
Homepage: http://dev.perl.org/perl5/


Other versions of "perl-base" in Trusty

Repository Area Version
base main 5.18.2-2ubuntu1
updates main 5.18.2-2ubuntu1.7

Changelog

Version: 5.18.2-2ubuntu1.7 2018-12-03 19:06:13 UTC

  perl (5.18.2-2ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313

 -- Marc Deslauriers <email address hidden> Tue, 20 Nov 2018 09:27:15 -0500

Source diff to previous version
CVE-2018-18311 Integer overflow leading to buffer overflow and segmentation fault
CVE-2018-18313 Heap-buffer-overflow read in regcomp.c

Version: 5.18.2-2ubuntu1.6 2018-06-13 18:06:46 UTC

  perl (5.18.2-2ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix in
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 17:00:53 -0300

Source diff to previous version
CVE-2018-12015 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary

Version: 5.18.2-2ubuntu1.4 2018-04-16 17:06:50 UTC

  perl (5.18.2-2ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

 -- Marc Deslauriers <email address hidden> Thu, 05 Apr 2018 12:49:25 -0400

Source diff to previous version
CVE-2015-8853 The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a de
CVE-2016-6185 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execu
CVE-2017-6512 Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary fil
CVE-2018-6913 heap-buffer-overflow in S_pack_rec

Version: 5.18.2-2ubuntu1.3 2017-11-13 14:06:47 UTC

  perl (5.18.2-2ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 08:42:39 -0300

Source diff to previous version
CVE-2017-12883 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disc
CVE-2017-12837 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to

Version: 5.18.2-2ubuntu1.1 2016-03-02 14:07:41 UTC

  perl (5.18.2-2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via regular expression invalid
    backreference
    - debian/patches/fixes/CVE-2013-7422.patch: properly handle big
      backreferences in regcomp.c.
    - CVE-2013-7422
  * SECURITY UPDATE: denial of service in Data::Dumper
    - debian/patches/fixes/CVE-2014-4330.patch: limit recursion in
      MANIFEST, dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
      dist/Data-Dumper/t/recurse.t.
    - CVE-2014-4330
  * SECURITY UPDATE: environment variable confusion issue
    - debian/patches/fixes/CVE-2016-2381.patch: remove duplicate
      environment variables from environ in perl.c.
    - CVE-2016-2381

 -- Marc Deslauriers <email address hidden> Tue, 01 Mar 2016 07:32:17 -0500

CVE-2013-7422 Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to ex
CVE-2014-4330 The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (


