Updated perl packages fix security vulnerabilities
Publication date: 16 May 2018Modification date: 16 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6797 , CVE-2018-6798 , CVE-2018-6913
Description
Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written (CVE-2018-6797). Nguyen Duc Manh reported that matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure (CVE-2018-6798). GwanYeong Kim reported that 'pack()' could cause a heap buffer write overflow with a large item count (CVE-2018-6913).
References
SRPMS
6/core
- perl-5.22.3-3.2.mga6