SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1682

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1682

Security update for perl

Type: security

Severity: important

Issued: 2020-06-19

Description:

This update for perl fixes the following issues:

- CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have 
  allowed overwriting of allocated memory with attacker's data (bsc#1171863).
- CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of 
  instructions into the compiled form of Perl regular expression (bsc#1171864).
- CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a 
  compiled regular expression (bsc#1171866).
- Fixed a bad warning in features.ph (bsc#1172348).

References

CVE: CVE-2020-12723
CVE: CVE-2020-10878
CVE: CVE-2020-10543
Bugzilla: 1172348 L3-Question: Perl warning: _FORTIFY_SOURCE requires compiling with optimization (-O)
Bugzilla: 1171866 VUL-0: CVE-2020-12723: perl: corruption of the intermediate language state of a compiled regular expression
Bugzilla: 1171864 VUL-0: CVE-2020-10878: perl: integer overflows may allow an attacker to insert instructions into the compiled form of a Perl regular expression
Bugzilla: 1171863 VUL-0: CVE-2020-10543: perl: heap buffer overflow in regular expression compiler which overwrites memory allocated with attacker's data

Packages

perl-5.26.1-7.12.1