SUSE-SU-2017:3092-1: moderate: Security update for perl

sle-security-updates at lists.suse.com
Fri Nov 24 13:21:41 MST 2017


   SUSE Security Update: Security update for perl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:3092-1
Rating:             moderate
References:         #1047178 #1057721 #1057724 #999735 
Cross-References:   CVE-2017-12837 CVE-2017-12883 CVE-2017-6512
                   
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Container as a Service Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   erratum is now available.

Description:

   This update for perl fixes the following issues:

   Security issues fixed:
   - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in
     regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1
     allows remote attackers to cause a denial of service (out-of-bounds
     write) via a regular expression with a '\N{}' escape and the
     case-insensitive modifier. (bnc#1057724)
   - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in
     regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1
     allows remote attackers to disclose sensitive information
     or cause a denial of service (application crash) via a crafted regular
     expression with an invalid '\N{U+...}' escape. (bnc#1057721)
   - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in
     the File-Path module before 2.13 for Perl allows attackers to set the
     mode on arbitrary files via vectors involving directory-permission
     loosening logic. (bnc#1047178)

   Bug fixes:
   - backport set_capture_string changes from upstream (bsc#999735)
   - reformat baselibs.conf as source validator workaround


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1903=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1903=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1903=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1903=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1903=1

   - SUSE Container as a Service Platform ALL:

      zypper in -t patch SUSE-CAASP-ALL-2017-1903=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1903=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      perl-5.18.2-12.3.1
      perl-base-5.18.2-12.3.1
      perl-base-debuginfo-5.18.2-12.3.1
      perl-debuginfo-5.18.2-12.3.1
      perl-debugsource-5.18.2-12.3.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      perl-doc-5.18.2-12.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      perl-5.18.2-12.3.1
      perl-base-5.18.2-12.3.1
      perl-base-debuginfo-5.18.2-12.3.1
      perl-debuginfo-5.18.2-12.3.1
      perl-debugsource-5.18.2-12.3.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      perl-32bit-5.18.2-12.3.1
      perl-debuginfo-32bit-5.18.2-12.3.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      perl-doc-5.18.2-12.3.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      perl-5.18.2-12.3.1
      perl-base-5.18.2-12.3.1
      perl-base-debuginfo-5.18.2-12.3.1
      perl-debuginfo-5.18.2-12.3.1
      perl-debugsource-5.18.2-12.3.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

      perl-32bit-5.18.2-12.3.1
      perl-debuginfo-32bit-5.18.2-12.3.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      perl-doc-5.18.2-12.3.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      perl-doc-5.18.2-12.3.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      perl-32bit-5.18.2-12.3.1
      perl-5.18.2-12.3.1
      perl-base-5.18.2-12.3.1
      perl-base-debuginfo-5.18.2-12.3.1
      perl-debuginfo-32bit-5.18.2-12.3.1
      perl-debuginfo-5.18.2-12.3.1
      perl-debugsource-5.18.2-12.3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      perl-doc-5.18.2-12.3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      perl-32bit-5.18.2-12.3.1
      perl-5.18.2-12.3.1
      perl-base-5.18.2-12.3.1
      perl-base-debuginfo-5.18.2-12.3.1
      perl-debuginfo-32bit-5.18.2-12.3.1
      perl-debuginfo-5.18.2-12.3.1
      perl-debugsource-5.18.2-12.3.1

   - SUSE Container as a Service Platform ALL (x86_64):

      perl-5.18.2-12.3.1
      perl-base-5.18.2-12.3.1
      perl-base-debuginfo-5.18.2-12.3.1
      perl-debuginfo-5.18.2-12.3.1
      perl-debugsource-5.18.2-12.3.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      perl-5.18.2-12.3.1
      perl-base-5.18.2-12.3.1
      perl-base-debuginfo-5.18.2-12.3.1
      perl-debuginfo-5.18.2-12.3.1
      perl-debugsource-5.18.2-12.3.1
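
   Added example, not part of the SUSE advisory: a shell check that flags perl
   packages still below the fixed release 5.18.2-12.3.1 from the Package List.
   The function names, the sample inventory and the use of GNU "sort -V" as a
   stand-in for RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag perl packages older than the release this advisory ships.
FIXED="5.18.2-12.3.1"   # version-release taken from the Package List

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` approximates RPM version ordering; this holds for
# the purely numeric version-release strings used on this page.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_perl: read "name version-release" lines on stdin and print the
# perl packages named in this advisory that are still below $FIXED.
unpatched_perl() {
    while read -r name vr; do
        case "$name" in
            perl|perl-base|perl-doc|perl-32bit) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not output from a real host).
SAMPLE='perl 5.18.2-12.3.1
perl-base 5.18.2-11.1
perl-doc 5.18.2-12.3.1
bash 4.3-83.5.2'

sample_report() { printf '%s\n' "$SAMPLE" | unpatched_perl; }

# On a real host, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'perl*' | unpatched_perl
sample_report
```

   Empty output means every listed perl package is at or above the fixed
   release; any line printed names a package that still needs the patch.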


References:

   https://www.suse.com/security/cve/CVE-2017-12837.html
   https://www.suse.com/security/cve/CVE-2017-12883.html
   https://www.suse.com/security/cve/CVE-2017-6512.html
   https://bugzilla.suse.com/1047178
   https://bugzilla.suse.com/1057721
   https://bugzilla.suse.com/1057724
   https://bugzilla.suse.com/999735

