-----BEGIN PGP SIGNED MESSAGE-----

Debian Security Advisory DSA-3982-1
https://www.debian.org/security/                     Salvatore Bonaccorso
September 21, 2017
- -------------------------------------------------------------------------

Package        : perl
CVE ID         : CVE-2017-12837 CVE-2017-12883
Debian Bug     : 875596 875597

Multiple vulnerabilities were discovered in the implementation of the
Perl programming language. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2017-12837

    Jakub Wilk reported a heap buffer overflow flaw in the regular
    expression compiler, allowing a remote attacker to cause a denial of
    service via a specially crafted regular expression with the
    case-insensitive modifier.

CVE-2017-12883

    Jakub Wilk reported a buffer over-read flaw in the regular
    expression parser, allowing a remote attacker to cause a denial of
    service or information leak.

For the oldstable distribution (jessie), these problems have been fixed
in version 5.20.2-3+deb8u9.

For the stable distribution (stretch), these problems have been fixed in
version 5.24.1-3+deb9u2.

For the testing distribution (buster), these problems have been fixed
in version 5.26.0-8.

For the unstable distribution (sid), these problems have been fixed in
version 5.26.0-8.

We recommend that you upgrade your perl packages.
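
An added example, not part of the advisory: checking an inventory of installed perl package versions against the fixed versions listed above. It reimplements Debian's version ordering (what `dpkg --compare-versions` does) so it runs without dpkg and shows why a plain string comparison gets `deb9u10` versus `deb9u2` wrong; the function names and inventory entries are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions exactly as listed in DSA-3982-1, keyed by release codename.
FIXED = {"jessie": "5.20.2-3+deb8u9", "stretch": "5.24.1-3+deb9u2",
         "buster": "5.26.0-8", "sid": "5.26.0-8"}

def _order(c):
    # dpkg ordering: '~' sorts before end-of-string; letters before other symbols.
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _parse(version):
    # Split "epoch:upstream-revision"; a missing epoch or revision counts as 0.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision

def _runs(part):
    # Alternating text/number runs: "3+deb9u2" -> [("", 3), ("+deb", 9), ("u", 2)]
    return [(t, int(n or 0)) for t, n in re.findall(r"(\D*)(\d*)", part) if t or n]

def dpkg_compare(a, b):
    """Return <0, 0 or >0 following Debian's version ordering rules."""
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return ea - eb
    for x, y in ((ua, ub), (ra, rb)):
        for (ta, na), (tb, nb) in zip_longest(_runs(x), _runs(y), fillvalue=("", 0)):
            for i in range(max(len(ta), len(tb))):
                d = _order(ta[i:i + 1]) - _order(tb[i:i + 1])
                if d:
                    return d
            if na != nb:
                return na - nb
    return 0

def is_patched(release, installed):
    # Patched means installed version >= the fixed version for that release.
    return dpkg_compare(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    # Constructed inventory (release, installed perl version); not from the advisory.
    for rel, ver in [("jessie", "5.20.2-3+deb8u8"), ("stretch", "5.24.1-3+deb9u10"), ("stretch", "5.24.1-3")]:
        print(rel, ver, "patched" if is_patched(rel, ver) else "VULNERABLE")
```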













