[SECURITY] [DLA 1601-1] perl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1601-1] perl security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Fri, 30 Nov 2018 16:10:04 +0100
Message-id: <[🔎] 9d352d13-4640-fd7c-7e03-310ca5d3e097@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : perl
Version        : 5.20.2-3+deb8u12
CVE ID         : CVE-2018-18311

Jayakrishna Menon and Christophe Hauser discovered an integer
overflow vulnerability in Perl_my_setenv leading to a heap-based
buffer overflow with attacker-controlled input.

For Debian 8 "Jessie", this problem has been fixed in version
5.20.2-3+deb8u12.

We recommend that you upgrade your perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlwBUsgACgkQnUbEiOQ2
gwIf2w/9G932X/2dDd4h4zqnEg4ccJnjEdAYYn8fmnEXnnAdTxT8UvUIcjCP22Ck
Vj7iXOSzcMwe+5soFOV26xZiCI4mI+pfrUme+auR95ITvw9UY8vFoRhQYSLT14qK
RTcE3govwcKSJ7nf53fIx9xAgoSUmhJBSepFUlY+4ZttDISvIYAUlTQ8HxYzRPsz
cgnK4Df5KKCR+okx9p2QraXqvb+LWzruLUba5qcLN5GnPS2M610BaeEyuZ8p0wy2
WTX0jKUhVtBq4WdumidGf3g5LoUed1uhfRBJXsfCLj0hiS+bTyhganc1GEJSGXqv
1fEgrhPkRX3ozMX6xZOfkHe+hggZe7RVTZeGAvym5WvlLt72u75NLwWhz+oGutGN
JeAvPCG3cULL0xHMORMfMKmso1zvhMWqpbtgVTxlIfxEbPD+iVrNvrgH5y6vXrVb
bWM2fkCZBljwLAUWBSIAZYr/LND95F6fGwFWEr73tcpjOgAQzPp9YuW+wsEwQuLN
JDqGobQs4lzgig6BnGUDccvBryVyyFdZhZfyTpv2edFPlDvZ0r7M2TJ7zNDTZ7UU
WQXDugQdD0wjnamF7WnihtUkZujZkj0WUp+D4J4+VaN2TbdFreys1VQ3pluIcnUm
54WlBWcFc9orDCAac85HVgJtzDk1Pl5WC/Wp+51gtszvY7lVqcY=
=hM7Q
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1599-1] qemu security update
Next by Date: [SECURITY] [DLA 1562-2] poppler security update
Previous by thread: [SECURITY] [DLA 1599-1] qemu security update
Next by thread: [SECURITY] [DLA 1562-2] poppler security update
Index(es):
- Date
- Thread