Bug #7897

Bug #7896: perl: Multiple vulnerabilities (CVE-2016-1238, CVE-2017-12837, CVE-2017-12883)

[3.7] perl: Multiple vulnerabilities (CVE-2017-12837, CVE-2017-12883)

Added by Alicha CH about 1 year ago. Updated 12 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 09/25/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:

Description

CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) via a crafted regular expression with the case-insensitive modifier.

References:

https://rt.perl.org/Public/Bug/Display.html?id=131582
https://nvd.nist.gov/vuln/detail/CVE-2017-12837

Patches:

maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/66288bb3f44c8aa5122e5f40d8cfc0eada8b1695
maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f7e5417e7bffba03947b66e4d8622d7c220f2876

CVE-2017-12883: Buffer overflow in the regular expression parser in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use of RExC_parse in the vFAIL macro.

References:

https://rt.perl.org/Public/Bug/Display.html?id=131598
https://nvd.nist.gov/vuln/detail/CVE-2017-12883

Patches:

maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/2692dda97731c37082a0075eff50d741901c665f
maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/40b3cdad3649334585cee8f4630ec9a025e62be6

Associated revisions

Revision 61d4fc18 (diff)
Added by Natanael Copa about 1 year ago

main/perl: security upgrade to 5.26.1 (CVE-2017-12837,CVE-2017-12883)

fixes #7897

History

#1 Updated by Natanael Copa about 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 12 months ago

  • Category set to Security
  • Status changed from Resolved to Closed
