#4384: perl-5.28.1
--------------------+-----------------------
 Reporter:  bdubbs  |       Owner:  lfs-book
     Type:  task    |      Status:  new
 Priority:  high    |   Milestone:  8.4
Component:  Book    |     Version:  SVN
 Severity:  normal  |  Resolution:
 Keywords:          |
--------------------+-----------------------
Changes (by ken@…):

 * priority:  normal => high


Comment:

 Two security fixes, and a regression fix.

 [CVE-2018-18311] Integer overflow leading to buffer overflow and
 segmentation fault

 [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)

 A remote user can create a specially crafted regular expression to cause
 a heap overflow in S_regatom in 'regcomp.c' during compilation and
 potentially execute arbitrary code.

 RT #133368

 when(X) is normally compiled as when($_ ~~ X) *except* when X appears to
 be a boolean expression, in which case it's used directly.

 5.28.0 introduced an optimisation whereby comparisons involving index like

     index(...) != -1

 eliminated the comparison, and pp_index() returned a boolean value
 directly. This defeated the 'look for a boolean op' mechanism, and so

     when(index(...) != -1)

 and similar were being incorrectly compiled as

     when($_ ~~ (index(...) != -1))

 NB - for anybody maintaining an older system, 5.26.3 was also released
 with its own set of CVEs. Versions before that are out of upstream
 support.

 Do not forget that upgrading the installed *version* will require you to
 reinstall ALL extra modules which you have installed. I'm currently
 testing a patch to apply the relevant changes from 5.28.1 to 5.28.0 so
 that I can avoid reinstalling hundreds of modules across my current
 systems.

--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4384#comment:1>