Advisories » MGASA-2018-0241

Updated perl packages fix security vulnerabilities

Publication date: 16 May 2018
Modification date: 16 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6797 , CVE-2018-6798 , CVE-2018-6913

Description

Brian Carpenter reported that a crafted regular expression could cause
a heap buffer write overflow, with control over the bytes written
(CVE-2018-6797).

Nguyen Duc Manh reported that matching a crafted locale dependent
regular expression can cause a heap-based buffer over-read and
potentially information disclosure (CVE-2018-6798).

GwanYeong Kim reported that 'pack()' could cause a heap buffer write
overflow with a large item count (CVE-2018-6913).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22913
• https://www.debian.org/security/2018/dsa-4172
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6797
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6798
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913

SRPMS

6/core

• perl-5.22.3-3.2.mga6