Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for perl

This update for perl fixes the following issues:

Security issues fixed:
- CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before
5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service
(out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive
modifier. (bnc#1057724)
- CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before
5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information
or cause a denial of service (application crash) via a crafted regular expression with an invalid
'\N{U+...}' escape. (bnc#1057721)
- CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module
before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving
directory-permission loosening logic. (bnc#1047178)

Bug fixes:
- backport set_capture_string changes from upstream (bsc#999735)
- reformat baselibs.conf as source validator workaround

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1057724
VUL-0: CVE-2017-12837: perl: Heap Heap overflow when compiling case-insensitive regexpoverflow when compiling case-insensitive regexp
bnc#1047178
VUL-0: CVE-2017-6512 perl: File::Path rmtree/remove_tree race condition
bnc#999735
Perl 5.18.2 has buggy @- support
bnc#1057721
VUL-0: CVE-2017-12883: perl: Buffer over-read in lookup
CVE-2017-12837
CVE-2017-12883
CVE-2017-6512
Selected Binaries
openSUSE Build Service is sponsored by
Places