Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Perl
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Perl
ID: USN-4602-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
Datum: Mo, 26. Oktober 2020, 22:56
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
Applikationen: Perl

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0443060688254414051==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="z0sn7vfCWEL8urZFPQayDGHVtq7tW7Qkg"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--z0sn7vfCWEL8urZFPQayDGHVtq7tW7Qkg
Content-Type: multipart/mixed;
boundary="kd43Z32lktG6Jcj4dbxaSZe8LHkY6LJfC"

--kd43Z32lktG6Jcj4dbxaSZe8LHkY6LJfC
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4602-1
October 26, 2020

perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Perl.

Software Description:
- perl: Practical Extraction and Report Language

Details:

ManhND discovered that Perl incorrectly handled certain regular
expressions. In environments where untrusted regular expressions are
evaluated, a remote attacker could possibly use this issue to cause Perl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-10543)

Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly
handled certain regular expressions. In environments where untrusted
regular expressions are evaluated, a remote attacker could possibly use
this issue to cause Perl to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2020-10878)

Sergey Aleynikov discovered that Perl incorrectly handled certain regular
expressions. In environments where untrusted regular expressions are
evaluated, a remote attacker could possibly use this issue to cause Perl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-12723)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
perl 5.30.0-9ubuntu0.2

Ubuntu 18.04 LTS:
perl 5.26.1-6ubuntu0.5

Ubuntu 16.04 LTS:
perl 5.22.1-9ubuntu0.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4602-1
CVE-2020-10543, CVE-2020-10878, CVE-2020-12723

Package Information:
https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2
https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5
https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9


--kd43Z32lktG6Jcj4dbxaSZe8LHkY6LJfC--

--z0sn7vfCWEL8urZFPQayDGHVtq7tW7Qkg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+WtgEACgkQZWnYVadE
vpOfrg/+LBhJSw3wFB7o4CzFDyiKcVKPybRqWTs1DXlU12jGFILKAUQxss0FAtlR
dHGPgGiku/+an0YHaZCbiS0rkT/EcwI4recZtSeS/v3377sFKvIPd410zlN49s09
mlIN7fRhnKYj/z7+NwlAoFxqAMkszZrl624YHvaAYt0Vb3zzbUEv1xIVZC7tk5i0
k9Spny71CjiIkA8553R8LRGmd2e2KRbOI4/fpEAlegQfLZv+HXH8D2cfRgH8/koC
bny/X8ljBfBi2s6ETzT0l3eJtlzRlUst3q1EzLV/VewRhI+SxDhhwywROmmpR6nR
g2Av6+Lq24Iij6OVbEmsU+mxtXEIp77zHUpQG0/NtILrccLs1/4mfoSQRYTgpcV7
hs6MxIkadTI2+GbL0yT3bZhLGYQiWUGU4VhxUhZJap8cueUUJDEf+cqfM9gQJUNA
Vf+kSOPZH2b4uNvKpYRZxdi/LE1c1VixnFVrANWQcwQKr7N+fs/xO/NJk3yvQCly
xQwHSxENbp+8CZzuwJ/umFSTpiTRwmMwSdCnHVYp0qbtzauwVE28et96cl4XKDa/
ZIEwyz1GxYqsifxHtKUGNmRWKHYi7j1uBVIxafnUdJ6O3ayRJjLnAMr/HXwo48/M
yLYPE/ysC9eYjggDv4LNFcQI1UMuk3msj5I5wgJnVWGSBSxTMzA=
=2If+
-----END PGP SIGNATURE-----

--z0sn7vfCWEL8urZFPQayDGHVtq7tW7Qkg--


--===============0443060688254414051==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============0443060688254414051==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung