MGASA-2018-0047

Source
https://advisories.mageia.org/MGASA-2018-0047.html
Import Source
https://advisories.mageia.org/MGASA-2018-0047.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0047
Published
2018-01-03T15:50:51Z
Modified
2018-01-03T15:25:55Z
Summary
Updated perl packages fix security vulnerability
Details

John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising), potentially leading to privilege escalation (CVE-2016-1238).

The cPanel Security Team reported a time-of-check to time-of-use (TOCTTOU) race condition flaw in File::Path, a core Perl module for creating or removing directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to an attacker-chosen value (CVE-2017-6512).

Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier (CVE-2017-12837).

Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak (CVE-2017-12883).

The perl-libintl-perl, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Sys-Syslog, and perl-Unicode-LineBreak packages have been patched, and the perl-Module-Load-Conditional and perl-Net-DNS packages have been updated, to fix CVE-2016-1238 as well.

The perl-File-Path package has also been patched to fix CVE-2017-6512.


Affected packages

Mageia:5 / perl

Package

Name
perl
Purl
pkg:rpm/mageia/perl?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.20.1-8.7.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-libintl-perl

Package

Name
perl-libintl-perl
Purl
pkg:rpm/mageia/perl-libintl-perl?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.230.0-6.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-MIME-Charset

Package

Name
perl-MIME-Charset
Purl
pkg:rpm/mageia/perl-MIME-Charset?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.11.1-4.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-MIME-EncWords

Package

Name
perl-MIME-EncWords
Purl
pkg:rpm/mageia/perl-MIME-EncWords?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.14.2-4.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-Module-Build

Package

Name
perl-Module-Build
Purl
pkg:rpm/mageia/perl-Module-Build?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.421.0-5.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-Module-Load-Conditional

Package

Name
perl-Module-Load-Conditional
Purl
pkg:rpm/mageia/perl-Module-Load-Conditional?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.680.0-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-Net-DNS

Package

Name
perl-Net-DNS
Purl
pkg:rpm/mageia/perl-Net-DNS?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.90.0-0.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-Sys-Syslog

Package

Name
perl-Sys-Syslog
Purl
pkg:rpm/mageia/perl-Sys-Syslog?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.330.0-7.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-Unicode-LineBreak

Package

Name
perl-Unicode-LineBreak
Purl
pkg:rpm/mageia/perl-Unicode-LineBreak?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2014.60.0-5.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / perl-File-Path

Package

Name
perl-File-Path
Purl
pkg:rpm/mageia/perl-File-Path?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.90.0-4.1.mga5

Ecosystem specific

{
    "section": "core"
}