UbuntuUpdates.org

Package "perl"

Name: perl

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • CGI::Fast Perl module

Latest version: 5.18.2-2ubuntu1.6
Release: trusty (14.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "perl": https://www.ubuntuupdates.org/perl



Other versions of "perl" in Trusty

Repository  Area      Version
base        main      5.18.2-2ubuntu1
base        universe  5.18.2-2ubuntu1
security    universe  5.18.2-2ubuntu1.6
security    main      5.18.2-2ubuntu1.6
updates     main      5.18.2-2ubuntu1.6

Changelog

Version: 5.18.2-2ubuntu1.6 2018-06-13 18:06:51 UTC

  perl (5.18.2-2ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix in
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 17:00:53 -0300

CVE-2018-12015 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary

Version: 5.18.2-2ubuntu1.4 2018-04-16 15:08:17 UTC

  perl (5.18.2-2ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

 -- Marc Deslauriers <email address hidden> Thu, 05 Apr 2018 12:49:25 -0400

CVE-2015-8853 The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a de
CVE-2016-6185 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execu
CVE-2017-6512 Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary fil
CVE-2018-6913 heap-buffer-overflow in S_pack_rec

Version: 5.18.2-2ubuntu1.3 2017-11-13 18:06:52 UTC

  perl (5.18.2-2ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 08:42:39 -0300

CVE-2017-12883 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disc
CVE-2017-12837 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to

Version: 5.18.2-2ubuntu1.1 2016-03-02 15:07:48 UTC

  perl (5.18.2-2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via regular expression invalid
    backreference
    - debian/patches/fixes/CVE-2013-7422.patch: properly handle big
      backreferences in regcomp.c.
    - CVE-2013-7422
  * SECURITY UPDATE: denial of service in Data::Dumper
    - debian/patches/fixes/CVE-2014-4330.patch: limit recursion in
      MANIFEST, dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
      dist/Data-Dumper/t/recurse.t.
    - CVE-2014-4330
  * SECURITY UPDATE: environment variable confusion issue
    - debian/patches/fixes/CVE-2016-2381.patch: remove duplicate
      environment variables from environ in perl.c.
    - CVE-2016-2381

 -- Marc Deslauriers <email address hidden> Tue, 01 Mar 2016 07:32:17 -0500

CVE-2013-7422 Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to ex
CVE-2014-4330 The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (


