#4384: perl-5.28.1
--------------------+-----------------------
Reporter: bdubbs | Owner: lfs-book
Type: task | Status: new
Priority: high | Milestone: 8.4
Component: Book | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------+-----------------------
Changes (by ken@…):
* priority: normal => high
Comment:
Two security fixes, and a regression fix.
[CVE-2018-18311] Integer overflow leading to buffer overflow and
segmentation fault
[CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
A remote user can create a specially crafted regular expression to
cause a heap overflow in S_regatom in 'regcomp.c' during compilation and
potentially execute arbitrary code.
RT #133368
when(X) is normally compiled as when($_ ~~ X) *except* when X appears to
be a boolean expression, in which case it's used directly.
5.28.0 introduced an optimisation whereby comparisons involving index like
index(...) != -1
eliminated the comparison, and pp_index() returned a boolean value
directly. This defeated the 'look for a boolean op' mechanism, and so
when(index(...) != -1)
and similar were being incorrectly compiled as
when($_ ~~ (index(...) != -1))
NB - for anybody maintaining an older system, 5.26.3 was also released
with its own set of CVEs. Versions before that are out of upstream
support. Do not forget that upgrading the installed *version* will require
you to reinstall ALL extra modules which you have installed.
I'm currently testing a patch to apply the relevant changes from 5.28.1 to
5.28.0 so that I can avoid reinstalling hundreds of modules across my
current systems.
--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4384#comment:1>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
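
A check for the when() regression described in the comment above, as an added example that is not part of the original ticket or of the Perl or LFS sources. The topic string, the needles and the three comparison forms are constructed for illustration; given/when is an experimental Perl feature, so its warnings are silenced.

```perl
#!/usr/bin/perl
# Added example (not from the ticket): reports whether this perl uses
# when(index(...) != -1) directly as a boolean test, or wraps it in a
# smartmatch against $_ as described for 5.28.0 in RT #133368.
use strict;
use warnings;
use feature 'switch';
no warnings qw(experimental::smartmatch deprecated);

# Constructed topic. It is neither == 1 nor eq "1", so if a true comparison
# result is smartmatched against it, the match fails and the block is skipped.
my $topic = 'haystack';

# Every condition below is true for $topic, so a perl that uses the
# condition directly runs each block and the closure returns 1.
# A return of 0 means the condition was not used as a plain boolean.
my @forms = (
    [ 'index(...) != -1' => sub {
        for ($topic) { when (index($_, 'hay') != -1) { return 1 } }
        return 0;
    } ],
    [ 'index(...) == -1' => sub {
        for ($topic) { when (index($_, 'zzz') == -1) { return 1 } }
        return 0;
    } ],
    [ 'rindex(...) != -1' => sub {
        for ($topic) { when (rindex($_, 'stack') != -1) { return 1 } }
        return 0;
    } ],
);

# Labels of the forms whose when() block did not run.
sub misbehaving_forms {
    return map { $_->[0] } grep { !$_->[1]->() } @forms;
}

my @bad = misbehaving_forms();
printf "perl %vd\n", $^V;
if (@bad) {
    print "when() did not use this condition as a boolean: $_\n" for @bad;
    exit 1;
}
print "when() used every index comparison directly as a boolean\n";
```

The exit status is 1 when any form misbehaves, so the script can be run as a check after installing or patching perl.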