Advisories » MGASA-2016-0191

Updated perl packages fix security vulnerability

Publication date: 20 May 2016
Modification date: 20 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8853

Description

The regex engine got into an infinite loop because of the malformation. It
is trying to back-up over a sequence of UTF-8 continuation bytes. The
character just before the sequence should be a start byte. If it's not,
there is a malformation which results in "hang" of regexp matching and CPU
exhaustion (CVE-2015-8853).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18423
• https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8853

SRPMS

5/core

• perl-5.20.1-8.3.mga5