UbuntuUpdates.org

Package "perl"

Name: perl

Description: Larry Wall's Practical Extraction and Report Language

Latest version: 5.22.1-9ubuntu0.9
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://dev.perl.org/perl5/

Other versions of "perl" in Xenial

Repository Area Version
base main 5.22.1-9
security main 5.22.1-9ubuntu0.9

Changelog

Version: 5.22.1-9ubuntu0.9 2020-10-26 13:07:04 UTC

  perl (5.22.1-9ubuntu0.9) xenial-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-10878.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723
  * debian/patches/fixes/fix_test_2020.patch: fix FTBFS caused by test
    failing in the year 2020 in cpan/Time-Local/t/Local.t.

 -- Marc Deslauriers <email address hidden> Mon, 19 Oct 2020 06:57:56 -0400

CVE-2020-10543 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-10878 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could l
CVE-2020-12723 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Version: 5.22.1-9ubuntu0.6 2018-12-03 20:06:53 UTC

  perl (5.22.1-9ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow leading to buffer overflow
    - debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
      util.c.
    - CVE-2018-18311
  * SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
    - debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
    - CVE-2018-18312
  * SECURITY UPDATE: Heap-buffer-overflow read
    - debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
      memchr in regcomp.c.
    - CVE-2018-18313
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
      pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
      t/re/reg_mesg.t, t/re/regex_sets.t.
    - CVE-2018-18314

 -- Marc Deslauriers <email address hidden> Mon, 19 Nov 2018 13:29:35 -0500

CVE-2018-18311 Integer overflow leading to buffer overflow and segmentation fault
CVE-2018-18312 Heap-buffer-overflow write in S_regatom (regcomp.c)
CVE-2018-18313 Heap-buffer-overflow read in regcomp.c
CVE-2018-18314 Heap-based buffer overflow

Version: 5.22.1-9ubuntu0.5 2018-06-13 18:06:55 UTC

  perl (5.22.1-9ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix in
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Jun 2018 16:30:44 -0300

CVE-2018-12015 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary

Version: 5.22.1-9ubuntu0.3 2018-04-16 15:08:18 UTC

  perl (5.22.1-9ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap write overflow bug
    - debian/patches/fixes/CVE-2018-6797.patch: restart a node if we change
      to uni rules within the node and encounter a sharp S in regcomp.c.
    - CVE-2018-6797
  * SECURITY UPDATE: heap read overflow bug
    - debian/patches/fixes/CVE-2018-6798-1.patch: check lengths in
      regexec.c, t/lib/warnings/regexec.
    - debian/patches/fixes/CVE-2018-6798-2.patch: account for non-utf8
      target in regexec.c, t/re/re_tests.
    - debian/patches/fixes/CVE-2018-6798-3.patch: no longer warns in
      t/lib/warnings/regexec.
    - CVE-2018-6798
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

 -- Marc Deslauriers <email address hidden> Thu, 05 Apr 2018 08:48:47 -0400

CVE-2016-6185 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execu
CVE-2017-6512 Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary fil
CVE-2018-6797 heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
CVE-2018-6798 Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
CVE-2018-6913 heap-buffer-overflow in S_pack_rec

Version: 5.22.1-9ubuntu0.2 2017-11-13 18:06:53 UTC

  perl (5.22.1-9ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expression
    - debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Nov 2017 11:39:06 -0300

CVE-2017-12883 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disc
CVE-2017-12837 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to
