First published: Tue Apr 17 2018(Updated: )
USN-3625-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. (CVE-2015-8853) It was discovered that Perl incorrectly loaded libraries from the current working directory. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2016-6185) It was discovered that Perl incorrectly handled the rmtree and remove_tree functions. A local attacker could possibly use this issue to set the mode on arbitrary files. (CVE-2017-6512) GwanYeong Kim discovered that Perl incorrectly handled certain data when using the pack function. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-6913)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/perl | <5.14.2-6ubuntu2.7 | 5.14.2-6ubuntu2.7 |
=12.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for this advisory is USN-3625-2.
The Perl package version 5.14.2-6ubuntu2.7 on Ubuntu 12.04 is affected by this vulnerability.
The severity of this vulnerability is not specified in the advisory.
To fix this vulnerability, update the Perl package to version 5.14.2-6ubuntu2.7 or later.
You can find more information about this vulnerability in the Ubuntu Security Notices at https://ubuntu.com/security/CVE-2015-8853, https://ubuntu.com/security/CVE-2016-6185, and https://ubuntu.com/security/CVE-2017-6512.