Debian Security Advisory

DSA-4347-1 perl -- security update

Date Reported:
29 November 2018
Affected Packages:
perl
Vulnerable:
Security database references:
In Mitre's CVE dictionary: CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314.
More information:

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2018-18311

    Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input.

  • CVE-2018-18312

    Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow write during compilation, potentially allowing arbitrary code execution.

  • CVE-2018-18313

    Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow read during compilation, leading to an information leak.

  • CVE-2018-18314

    Jakub Wilk discovered that a specially crafted regular expression could lead to a heap-based buffer overflow.

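For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5.

We recommend that you upgrade your perl packages.

For the detailed security status of perl, please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl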