Advisories » MGASA-2018-0049

Updated perl packages fix security vulnerability

Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-12837 , CVE-2017-12883

Description

Jakub Wilk reported a heap buffer overflow flaw in the regular expression
compiler, allowing a remote attacker to cause a denial of service via a
specially crafted regular expression with the case-insensitive modifier
(CVE-2017-12837).

Jakub Wilk reported a buffer over-read flaw in the regular expression
parser, allowing a remote attacker to cause a denial of service or
information leak (CVE-2017-12883).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21752
• https://www.debian.org/security/2017/dsa-3982
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883

SRPMS

6/core

• perl-5.22.3-3.1.mga6