You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa perl

Sigurnosni nedostatak programskog paketa perl

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3684-1
June 13, 2018

perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Perl could be made to overwrite arbitrary files if it received
a specially crafted archive file.

Software Description:
– perl: Practical Extraction and Report Language

Details:

It was discovered that Perl incorrectly handled certain archive files.
An attacker could possibly use this to overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
perl                            5.26.1-6ubuntu0.1

Ubuntu 17.10:
perl                            5.26.0-8ubuntu1.2

Ubuntu 16.04 LTS:
perl                            5.22.1-9ubuntu0.5

Ubuntu 14.04 LTS:
perl                            5.18.2-2ubuntu1.6

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3684-1
CVE-2018-12015

Package Information:
https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.1
https://launchpad.net/ubuntu/+source/perl/5.26.0-8ubuntu1.2
https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.5
https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.6—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbIVl+AAoJEEW851uECx9phKIP/iw6ZQ4DJU2z0F+XxUU08XPd
QOZQUzMyRpu6nMMr0hhcUuvUr82KDwMqws4DN04WvmHd8cZr1kOHCKIpUxRZha2+
o57SsqByjRNRLnhwbBAeMbRu+PZWasTT7JMeHQI35ErmTW41mOnIkUxzVNyLwlLv
Nig+vf4+2RxRQ6aisjDPBlqSWdJf3DsFy0DNI4fsSd+j9rgjU1Tj1a/0M/zmSqL+
sGNbPAoVvZdEN5NDFjCP8ec7E03gn0DjC+m1kripdUrpz5xsTqoE8q4wNKEV7v7A
rwHXd8JINM+LAR+JQqUmj/Sd/y8BL3gwbfj03a2y5zhg7t3x4NaXM/6tY0xBYWf7
aRF0DvGb+RRKRhOn/mKNbUKQBlq+4UsK8ilG5oLvyt2iRLFFRCi6lRbrz+PBnAm2
1DXU2BtB4MYc6XfwRF0glssoJmw139UbytG/ZeMPnEdCF3aPuOHeY4HkjiSyv13W
8NEZUVNH218bjGyDojTlJoE7dH6sLpWsTdUemXEEicjWZ6c9HBvVRfSTYXhKjnI4
gdFhNfmIt2GIcWFNyc5Zi77EXc5FJQG/0+u7TyLiVusDL9JY8r1Q5PYRPZuIQ+1V
URqG2/DkhyCqrT/5JFL8JKWp3lG6triabQGROvtkZjJ/Gy+7S4qfVZTtrTzajb3I
7XS6AIpDOZr8rSJt1dYO
=YVbt
—–END PGP SIGNATURE—–

 

 

==========================================================================
Ubuntu Security Notice USN-3684-2
June 13, 2018

perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Perl could be made to overwrite arbitrary files if it received
a specially crafted archive file.

Software Description:
– perl: Practical Extraction and Report Language

Details:

USN-3684-1 fixed a vulnerability in perl. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that Perl incorrectly handled certain archive files.
An attacker could possibly use this to overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
perl                            5.14.2-6ubuntu2.8

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3684-2
https://usn.ubuntu.com/usn/usn-3684-1
CVE-2018-12015—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbIWZdAAoJEEW851uECx9pcv4P/3Z1mCN013WmLHJ7aH3ZGEvP
gluE+c9YoHxBhKtyD5DsRArN9kSEx9u8C2O+LO9GzV/PtQp0YUdoUVTYrNVluEMh
gu83JMvQDx4KbIWOICY1Fhz6/P+3bLbMOu2vH9K/HfkF/62KQvX4KW71qTwkPx34
ImjdBlJTVQ1ZdjpbFhammQ1jGL2ZMfpMPlHhpq78Dnq97qQIJZdnpxHVoqSy1KAm
IZGJaWFovUfMPz69nmX7LN8B9QFPDKa+HFlmqod8ubu1SK6a5MnWzjQ7yD3KYl1k
tyH7VX8VLK6VG9PEIGIRoGSPheMVMVM69scNiDQ+XiaPac0ql3/ozzPHi12CPkZz
iSTNiwuCGCZ1XfmJIulSZIi3MUzU9tWJB2iHHZmed1oDFLXTwhIr1dU4NsaB3CtG
8doRXSATbPmXfxnTRbKFGe3ShKKbARrzUR0q80sd7IqiVpo6tuDQZ4E53YO1dHfF
dI7vHsE9fFiLxBAXGvJNykshUeO3QSRiYe9HBpNkxmcbxSwrqGYIaXHeQrkbeZIQ
8hNkFUAS9Vg+Ub6y51HCo+Q8kKeS/7vHvHlwBDpb7T2OKxrTZWGzYlX7z5Mb84/+
LfaC74G8FRZ0ZAA9B0BThOknCtzCcOb/qE4udMu55tCz9ylsnQqGZuLqsejo8GDP
7lLoR6Dqaz72lgpAtfcr
=TAi6
—–END PGP SIGNATURE—–

AutorAndrej Sefic
Cert idNCERT-REF-2018-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top