Overview

File _patchinfo of Package patchinfo.7899

<patchinfo incident="7899">
  <issue tracker="bnc" id="1068565">Perl debugger quits on TAB-auto-completion, leaving TTY in bad state</issue>
  <issue tracker="bnc" id="1096718">VUL-0: CVE-2018-12015: perl: Directory traversal in Archive::Tar</issue>
  <issue tracker="cve" id="2018-12015"/>
  <issue id="1082234" tracker="bnc">VUL-0: CVE-2018-6797: perl: heap write overflow bug</issue>
  <issue id="1082233" tracker="bnc">VUL-0: CVE-2018-6798: perl: heap buffer overflow bug</issue>
  <issue id="1082216" tracker="bnc">VUL-0: CVE-2018-6913: perl: heap buffer overflow bug</issue>
  <issue id="2018-6913" tracker="cve" />
  <issue id="2018-6797" tracker="cve" />
  <issue id="2018-6798" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mlschroe</packager>
  <description>This update for perl fixes the following issues:

These security issue were fixed: 

- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216).
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233).
- CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234).
- CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a
  directory-traversal protection mechanism and overwrite arbitrary files
  (bsc#1096718)

This non-security issue was fixed: 

- fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565]

</description>
  <summary>Security update for perl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places