UbuntuUpdates.org

Package "perl"

Name: perl

Description:

Larry Wall's Practical Extraction and Report Language

Latest version: 5.22.1-9ubuntu0.5
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://dev.perl.org/perl5/

Other versions of "perl" in Xenial

Repository Area Version
base main 5.22.1-9
updates main 5.22.1-9ubuntu0.5

Changelog

Version: 5.22.1-9ubuntu0.5 2018-06-13 18:06:53 UTC

  perl (5.22.1-9ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix in
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 16:30:44 -0300

CVE-2018-12015 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary

Version: 5.22.1-9ubuntu0.3 2018-04-16 14:07:51 UTC

  perl (5.22.1-9ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap write overflow bug
    - debian/patches/fixes/CVE-2018-6797.patch: restart a node if we change
      to uni rules within the node and encounter a sharp S in regcomp.c.
    - CVE-2018-6797
  * SECURITY UPDATE: heap read overflow bug
    - debian/patches/fixes/CVE-2018-6798-1.patch: check lengths in
      regexec.c, t/lib/warnings/regexec.
    - debian/patches/fixes/CVE-2018-6798-2.patch: account for non-utf8
      target in regexec.c, t/re/re_tests.
    - debian/patches/fixes/CVE-2018-6798-3.patch: no longer warns in
      t/lib/warnings/regexec.
    - CVE-2018-6798
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

 -- Marc Deslauriers <email address hidden> Thu, 05 Apr 2018 08:48:47 -0400

CVE-2016-6185 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execu
CVE-2017-6512 Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary fil
CVE-2018-6797 heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
CVE-2018-6798 Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
CVE-2018-6913 heap-buffer-overflow in S_pack_rec

Version: 5.22.1-9ubuntu0.2 2017-11-13 14:06:48 UTC

  perl (5.22.1-9ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 11:39:06 -0300

CVE-2017-12883 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disc
CVE-2017-12837 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to


