SUSE-SU-2017:3092-1 -- SLES perl
ID: oval:org.secpod.oval:def:89044661 | Date: (C)2021-07-07 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for perl fixes the following issues:

Security issues fixed:
- CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a regular expression with a "\N{}" escape and the case-insensitive modifier.
- CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service via a crafted regular expression with an invalid "\N{U+...}" escape.
- CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

Bug fixes:
- backport set_capture_string changes from upstream
- reformat baselibs.conf as source validator workaround
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |