Security update for perl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0976-1 Final 1 1 2018-04-18T06:30:09Z current 2018-04-18T06:30:09Z 2018-04-18T06:30:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for perl This update for perl fixes the following issues: Security issue fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-perl-13564,slessp4-perl-13564 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180976-1/ Link for SUSE-SU-2018:0976-1 https://lists.suse.com/pipermail/sle-security-updates/2018-April/003898.html E-Mail link for SUSE-SU-2018:0976-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1082216 SUSE Bug 1082216 https://bugzilla.suse.com/1082233 SUSE Bug 1082233 https://www.suse.com/security/cve/CVE-2018-6798/ SUSE CVE CVE-2018-6798 page https://www.suse.com/security/cve/CVE-2018-6913/ SUSE CVE CVE-2018-6913 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 perl-base-32bit-5.10.0-64.81.10.1 perl-5.10.0-64.81.10.1 perl-32bit-5.10.0-64.81.10.1 perl-Module-Build-0.2808.01-0.81.10.1 perl-Test-Simple-0.72-0.81.10.1 perl-base-5.10.0-64.81.10.1 perl-doc-5.10.0-64.81.10.1 perl-x86-5.10.0-64.81.10.1 perl-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-32bit-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Module-Build-0.2808.01-0.81.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Test-Simple-0.72-0.81.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-base-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-doc-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-x86-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-32bit-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Module-Build-0.2808.01-0.81.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-Test-Simple-0.72-0.81.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-base-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-doc-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-x86-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 perl-base-32bit-5.10.0-64.81.10.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. CVE-2018-6798 SUSE Linux Enterprise Server 11 SP4:perl-32bit-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-Module-Build-0.2808.01-0.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-Test-Simple-0.72-0.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-base-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-doc-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-x86-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-32bit-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Module-Build-0.2808.01-0.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Test-Simple-0.72-0.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-base-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-doc-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-x86-5.10.0-64.81.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:perl-base-32bit-5.10.0-64.81.10.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180976-1/ https://www.suse.com/security/cve/CVE-2018-6798.html CVE-2018-6798 https://bugzilla.suse.com/1082233 SUSE Bug 1082233 https://bugzilla.suse.com/1106717 SUSE Bug 1106717 Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. CVE-2018-6913 SUSE Linux Enterprise Server 11 SP4:perl-32bit-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-Module-Build-0.2808.01-0.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-Test-Simple-0.72-0.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-base-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-doc-5.10.0-64.81.10.1 SUSE Linux Enterprise Server 11 SP4:perl-x86-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-32bit-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Module-Build-0.2808.01-0.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Test-Simple-0.72-0.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-base-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-doc-5.10.0-64.81.10.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-x86-5.10.0-64.81.10.1 SUSE Linux Enterprise Software Development Kit 11 SP4:perl-base-32bit-5.10.0-64.81.10.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180976-1/ https://www.suse.com/security/cve/CVE-2018-6913.html CVE-2018-6913 https://bugzilla.suse.com/1082216 SUSE Bug 1082216 https://bugzilla.suse.com/1106717 SUSE Bug 1106717 https://bugzilla.suse.com/1224040 SUSE Bug 1224040