Opened Dec 04, 2018 by Alicha CH (@alicha), Reporter

[3.9] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)

CVE-2018-18311: Integer overflow leading to buffer overflow

A flaw was found in Perl versions 5.8.0 through 5.28: an integer overflow leading to a buffer overflow in the Perl_my_setenv function in util.c.

Fixed In Version:

perl 5.29.1, perl 5.26.3

Reference:

https://rt.perl.org/Public/Bug/Display.html?id=133204

Patch:

https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87

CVE-2018-18312: Heap-buffer-overflow write / reg_node overrun

A flaw was found in Perl versions 5.18 through 5.26: a heap-buffer-overflow write / reg_node overrun.

Fixed In Version:

perl 5.26.3, perl 5.28.1

References:

https://rt.perl.org/Ticket/Display.html?id=133423
https://security-tracker.debian.org/tracker/CVE-2018-18312

CVE-2018-18313: Heap-buffer-overflow read in regcomp.c

A flaw was found in Perl versions 5.22 through 5.26: a heap-buffer-overflow read in regcomp.c.

Fixed In Version:

perl 5.26.3, perl 5.28.1

Reference:

https://rt.perl.org/Public/Bug/Display.html?id=133192

Patch:

https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62

CVE-2018-18314: Heap-based buffer overflow

A flaw was found in Perl versions 5.18 through 5.28: a heap-based buffer overflow.

Fixed In Version:

perl 5.26.3, perl 5.28.1

Reference:

https://rt.perl.org/Public/Bug/Display.html?id=131649

Patch:

https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f

(from redmine: issue id 9727, created on 2018-12-04, closed on 2018-12-06)

  • Relations:
    • parent #9726 (closed)
  • Changesets:
    • Revision 13074bff by Natanael Copa on 2018-12-04T14:46:15Z:
main/perl: security upgrade to 5.26.3

CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314

fixes #9727
Milestone: 3.9.0 (Past due)
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#9727