[3.3] perl: Multiple vulnerabilities (CVE-2016-1238, CVE-2017-12837, CVE-2017-12883)
CVE-2016-1238: loading of modules from current directory
Fixed In Version:
perl 5.22.3, perl 5.24.1
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) via a crafted regular expression with the case-insensitive modifier.
CVE-2017-12883: Buffer overflow in the regular expression parser in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use of RExC_parse in the vFAIL macro.
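A defender's check for the precondition behind CVE-2016-1238, the current directory (or another relative path) on Perl's module search path, as an added example that is not part of the original issue or of the Alpine fix. The function name `audit_inc` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Alpine issue): flag Perl module search path
# entries that resolve against the current working directory.

# audit_inc: reads one @INC entry per line on stdin, prints one finding per
# risky entry, returns 1 if any was found and 0 otherwise.
audit_inc() {
    found=0
    pos=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        pos=$((pos + 1))
        case "$entry" in
            "")      ;;  # blank line in the listing, nothing to check
            /*)      ;;  # absolute directory: not resolved against the cwd
            *"(0x"*) ;;  # stringified @INC hook (e.g. CODE(0x...)), not a path
            .|./)    echo "cwd on search path: '$entry' (entry $pos)"; found=1 ;;
            *)       echo "relative entry: '$entry' (entry $pos)"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample listing: two system directories followed by '.'.
SAMPLE_INC='/usr/lib/perl5/core_perl
/usr/share/perl5/core_perl
.'
printf '%s\n' "$SAMPLE_INC" | audit_inc || echo "sample: relative entries present"

# Live check against the installed interpreter, skipped when perl is absent.
# PERL5LIB (or PERLLIB) entries are covered because perl adds them to @INC.
if command -v perl >/dev/null 2>&1; then
    perl -e 'print "$_\n" for @INC' | audit_inc \
        || echo "perl: module search path has relative entries"
fi
```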
(from redmine: issue id 7901, created on 2017-09-25, closed on 2017-10-24)
- parent #7896 (closed)
- Revision cd0cf727 by Natanael Copa on 2017-10-10T12:31:55Z:
  main/perl: upgrade to 5.22.3 + security fixes
  - CVE-2016-1238
  - CVE-2017-12837
  - CVE-2017-12883
  fixes #7901