Security update for perl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4258-1 Final 1 1 2018-12-22T18:14:49Z current 2018-12-22T18:14:49Z 2018-12-22T18:14:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for perl This update for perl fixes the following issues: Secuirty issues fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00063.html E-Mail link for openSUSE-SU-2018:4258-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 perl-5.26.1-lp150.6.6.1 perl-32bit-5.26.1-lp150.6.6.1 perl-base-5.26.1-lp150.6.6.1 perl-base-32bit-5.26.1-lp150.6.6.1 perl-doc-5.26.1-lp150.6.6.1 perl-5.26.1-lp150.6.6.1 as a component of openSUSE Leap 15.0 perl-32bit-5.26.1-lp150.6.6.1 as a component of openSUSE Leap 15.0 perl-base-5.26.1-lp150.6.6.1 as a component of openSUSE Leap 15.0 perl-base-32bit-5.26.1-lp150.6.6.1 as a component of openSUSE Leap 15.0 perl-doc-5.26.1-lp150.6.6.1 as a component of openSUSE Leap 15.0 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18311 openSUSE Leap 15.0:perl-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-doc-5.26.1-lp150.6.6.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00063.html https://www.suse.com/security/cve/CVE-2018-18311.html CVE-2018-18311 https://bugzilla.suse.com/1114674 SUSE Bug 1114674 Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18312 openSUSE Leap 15.0:perl-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-doc-5.26.1-lp150.6.6.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00063.html https://www.suse.com/security/cve/CVE-2018-18312.html CVE-2018-18312 https://bugzilla.suse.com/1114675 SUSE Bug 1114675 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. CVE-2018-18313 openSUSE Leap 15.0:perl-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-doc-5.26.1-lp150.6.6.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00063.html https://www.suse.com/security/cve/CVE-2018-18313.html CVE-2018-18313 https://bugzilla.suse.com/1114681 SUSE Bug 1114681 Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18314 openSUSE Leap 15.0:perl-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-32bit-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-base-5.26.1-lp150.6.6.1 openSUSE Leap 15.0:perl-doc-5.26.1-lp150.6.6.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00063.html https://www.suse.com/security/cve/CVE-2018-18314.html CVE-2018-18314 https://bugzilla.suse.com/1114686 SUSE Bug 1114686