[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
https://bugzilla.redhat.com/show_bug.cgi?id=1646751 Paul Harvey changed: What|Removed |Added Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018 |1129,reported=20181105,sour |1129,reported=20181105,sour |ce=upstream,cvss3=7.0/CVSS: |ce=upstream,cvss3=7.0/CVSS: |3.0/AV:N/AC:H/PR:N/UI:N/S:U |3.0/AV:N/AC:H/PR:N/UI:N/S:U |/C:L/I:L/A:H,cwe=CWE-122,rh |/C:L/I:L/A:H,cwe=CWE-122,rh |el-6/perl=notaffected,opens |el-6/perl=notaffected,opens |hift-enterprise-3/perl=new, |hift-enterprise-3/perl=nota |fedora-all/perl=affected,rh |ffected,fedora-all/perl=aff |el-5/perl=notaffected,rhel- |ected,rhel-5/perl=notaffect |7/perl=notaffected,openshif |ed,rhel-7/perl=notaffected, |t-online-3/perl=new,rhel-8/ |openshift-online-3/perl=not |perl=affected,rhscl-3/rh-pe |affected,rhel-8/perl=affect |rl526-perl=affected,rhscl-3 |ed,rhscl-3/rh-perl526-perl= |/rh-perl524-perl=affected,r |affected,rhscl-3/rh-perl524 |hel-8/perl:5.24/perl=affect |-perl=affected,rhel-8/perl: |ed |5.24/perl=affected --- Comment #11 from Paul Harvey --- openshift-enterprise-3: notaffected. I reviewed OpenShift containers for applications with dependencies on perl and was unable to identify any where the perl interpreter would be exposed to attacker-controlled regular expressions which could expose this flaw. There is a perl dependency in our MariaDB packaging, however the only non-test related perl usage is in a backup script (mysqlhotcopy) which is not exposed to attacker-controlled regular expressions. I have not filed trackers as these images will inherit the existing perl fixes next time they are respun. See also https://access.redhat.com/articles/2803031 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
https://bugzilla.redhat.com/show_bug.cgi?id=1646751 Jayaraj changed: What|Removed |Added CC||jdeen...@redhat.com -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
https://bugzilla.redhat.com/show_bug.cgi?id=1646751 --- Comment #7 from errata-xmlrpc --- This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2019:0010 https://access.redhat.com/errata/RHSA-2019:0010 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
https://bugzilla.redhat.com/show_bug.cgi?id=1646751 errata-xmlrpc changed: What|Removed |Added External Bug ID||Red Hat Product Errata ||RHSA-2019:0010 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
https://bugzilla.redhat.com/show_bug.cgi?id=1646751 --- Comment #6 from errata-xmlrpc --- This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:0001 https://access.redhat.com/errata/RHSA-2019:0001 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
https://bugzilla.redhat.com/show_bug.cgi?id=1646751 errata-xmlrpc changed: What|Removed |Added External Bug ID||Red Hat Product Errata ||RHSA-2019:0001 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
https://bugzilla.redhat.com/show_bug.cgi?id=1646751 Tomas Hoger changed: What|Removed |Added Summary|CVE-2018-18314 perl:|CVE-2018-18314 perl: |Heap-based buffer overflow |Heap-based buffer overflow ||in S_regatom() -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org