USN-3625-1: Perl vulnerabilities

16 April 2018

Several security issues were fixed in Perl.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • perl - Practical Extraction and Report Language

Details

It was discovered that Perl incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause Perl to
hang, resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS. (CVE-2015-8853)

It was discovered that Perl incorrectly loaded libraries from the current
working directory. A local attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-6185)

It was discovered that Perl incorrectly handled the rmtree and remove_tree
functions. A local attacker could possibly use this issue to set the mode
on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2017-6512)

Brian Carpenter discovered that Perl incorrectly handled certain regular
expressions. An attacker could use this issue to cause Perl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 17.10.
(CVE-2018-6797)

Nguyen Duc Manh discovered that Perl incorrectly handled certain regular
expressions. An attacker could use this issue to cause Perl to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 17.10. (CVE-2018-6798)

GwanYeong Kim discovered that Perl incorrectly handled certain data when
using the pack function. An attacker could use this issue to cause Perl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2018-6913)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.

Related notices