========================================================================== Ubuntu Security Notice USN-3625-1 April 16, 2018
perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Perl. Software Description: - perl: Practical Extraction and Report Language Details: It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8853) It was discovered that Perl incorrectly loaded libraries from the current working directory. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6185) It was discovered that Perl incorrectly handled the rmtree and remove_tree functions. A local attacker could possibly use this issue to set the mode on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-6512) Brian Carpenter discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6797) Nguyen Duc Manh discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6798) GwanYeong Kim discovered that Perl incorrectly handled certain data when using the pack function. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-6913) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: perl 5.26.0-8ubuntu1.1 Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.3 Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.4 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3625-1 CVE-2015-8853, CVE-2016-6185, CVE-2017-6512, CVE-2018-6797, CVE-2018-6798, CVE-2018-6913 Package Information: https://launchpad.net/ubuntu/+source/perl/5.26.0-8ubuntu1.1 https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.3 https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.4
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce