SUSE-CU-2020:349-1: Security update of suse/sles12sp5

sle-security-updates at sle-security-updates at
Thu Jun 25 01:35:41 MDT 2020

SUSE Container Update Advisory: suse/sles12sp5
Container Advisory ID : SUSE-CU-2020:349-1
Container Tags        : suse/sles12sp5:6.5.15 , suse/sles12sp5:latest
Container Release     : 6.5.15
Severity              : important
Type                  : security
References            : 1102840 1160039 1170601 1171863 1171864 1171866 CVE-2020-10543
                        CVE-2020-10878 CVE-2020-12723 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2020:1662-1
Released:    Thu Jun 18 11:13:05 2020
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1102840,1160039,1170601,1171863,1171864,1171866,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
This update for perl fixes the following issues:

- CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have 
  allowed overwriting of allocated memory with attacker's data (bsc#1171863).
- CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of 
  instructions into the compiled form of Perl regular expression (bsc#1171864).
- CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a 
  compiled regular expression (bsc#1171866).
- Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601).
- Some packages make assumptions about the date and time they are built. 
  This update will solve the issues caused by calling the perl function timelocal
  expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039)

More information about the sle-security-updates mailing list