{"id":"MGASA-2018-0047","summary":"Updated perl packages fix security vulnerability","details":"John Lightsey and Todd Rinaldo reported that the opportunistic loading of\noptional modules can make many programs unintentionally load code from the\ncurrent working directory (which might be changed to another directory\nwithout the user realising) and potentially leading to privilege escalation\n(CVE-2016-1238).\n\nThe cPanel Security Team reported a time of check to time of use (TOCTTOU)\nrace condition flaw in File::Path, a core module from Perl to create or\nremove directory trees. An attacker can take advantage of this flaw to set\nthe mode on an attacker-chosen file to a attacker-chosen value\n(CVE-2017-6512).\n\nJakub Wilk reported a heap buffer overflow flaw in the regular expression\ncompiler, allowing a remote attacker to cause a denial of service via a\n specially crafted regular expression with the case-insensitive modifier\n(CVE-2017-12837).\n\nJakub Wilk reported a buffer over-read flaw in the regular expression\nparser, allowing a remote attacker to cause a denial of service or\ninformation leak (CVE-2017-12883).\n\nThe perl-libintl-perl, perl-MIME-Charset, perl-MIME-EncWords,\nperl-Module-Build, perl-Sys-Syslog, and perl-Unicode-LineBreak packages\nhave been patched and the perl-Module-Load-Conditional and perl-Net-DNS\npackages have been updated to fix CVE-2016-1238 as well.\n\nThe perl-File-Path package has also been patched to fix CVE-2017-6512.\n","modified":"2026-02-01T21:00:27.237651Z","published":"2018-01-03T15:50:51Z","related":["CVE-2016-1238","CVE-2017-12837","CVE-2017-12883","CVE-2017-6512"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0047.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19051"},{"type":"REPORT","url":"https://www.debian.org/security/2016/dsa-3628"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-3873"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-3982"}],"affected":[{"package":{"name":"perl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.20.1-8.7.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-libintl-perl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-libintl-perl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.230.0-6.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-MIME-Charset","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-MIME-Charset?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.1-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-MIME-EncWords","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-MIME-EncWords?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14.2-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-Module-Build","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-Module-Build?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.421.0-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-Module-Load-Conditional","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-Module-Load-Conditional?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.680.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-Net-DNS","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-Net-DNS?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.90.0-0.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-Sys-Syslog","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-Sys-Syslog?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.330.0-7.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-Unicode-LineBreak","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-Unicode-LineBreak?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2014.60.0-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}},{"package":{"name":"perl-File-Path","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl-File-Path?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.90.0-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0047.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}