Nacionalni CERT

Sigurnosni nedostatak programskog paketa perl

<p>==========================================================================<br />Ubuntu Security Notice USN-3478-2<br />November 13, 2017<br /><br />perl vulnerability<br />==========================================================================<br /><br />A security issue affects these releases of Ubuntu and its derivatives:<br /><br />- Ubuntu 12.04 ESM<br /><br />Summary:<br /><br />Perl could be made to crash if it received specially crafted<br />input.<br /><br />Software Description:<br />- perl: Practical Extraction and Report Language<br /><br />Details:<br /><br />USN-3478-1 fixed two vulnerabilities in Perl. This update<br />provides the corresponding update for Ubuntu 12.04 ESM.<br /><br />Original advisory details:<br /><br /> Jakub Wilk discovered that Perl incorrectly handled certain regular<br /> expressions. An attacker could use this issue to cause Perl to crash,<br /> resulting in a denial of service, or possibly execute arbitrary code.<br /> (CVE-2017-12883)<br /><br />Update instructions:<br /><br />The problem can be corrected by updating your system to the following<br />package versions:<br /><br />Ubuntu 12.04 ESM:<br />  perl                            5.14.2-6ubuntu2.6<br /><br />In general, a standard system update will make all the necessary<br />changes.<br /><br />References:<br />  https://www.ubuntu.com/usn/usn-3478-2<br />  https://www.ubuntu.com/usn/usn-3478-1<br />  CVE-2017-12883<br />-----BEGIN PGP SIGNATURE-----<br />Version: GnuPG v2<br /><br />iQIcBAABCAAGBQJaCepxAAoJEEW851uECx9pI/QP/3B/kYAW/6MdvazOAuQvmB7L<br />3KA3dI6PcbOMTAa+0gIHLdKUES75rh/bdyRwzEUarRBSx4nQpdrhnyY0nqfi9ccP<br />B3UA+OgSiZW0pNuLJmOoyFJ2Aeoy81HrE7NRqGTSFRGNbKny/nZEFjSenWwI7gKm<br />f3Dv8WzU51/Zeylc/TRkhOvA5MngdWFT4uKJeVJ2viJoJNaZH6EslkH1QJGQK3+e<br />61+Z8X3kMv7nR7L7kLCgYZRRPXYUJAmvLjF9i+JvA3k3i9fUyTrp8akbkbTnZS4d<br />7m34LQ1gY1j/gsNbJCXPCJGpk2lMjD7elRf+41TroezNHhlUOdXH0WCOkgRl+Vn8<br />ui8F6T/gdqaNkWO9ZK50R0eybe46ouUtTd3r8g8P3h2wyB+EDGN+nVC/tNDqMzLg<br />to8YzFyLNkINsO/yRpMAEgFcXj98DlcGPwu1m8C6pXmhi4BGqVFz7DbgI0OHXijT<br />96Gdm6F3avPMnVWRMqaxyS2Ni/ixpmcSZM8PrdjOaaf+QQxx9GVnEOaejiK2tdXR<br />3P7DqgxI+H251JZQgF8uZwR7X18AhAuhwuEzZDJU2lC/ET4b7uVEc9TULFBRJ4JS<br />DRhqGnXBG0qAqWDaTSCvmMT0sOPiRPq+vhDDKbCG/Ep2qnvE3ZODJu3/lB4PTEEc<br />qec91XqkhOARje354lle<br />=241S<br />-----END PGP SIGNATURE-----<br />--</p>
Otkriven je sigurnosni nedostatak u programskom paketu perl za operacijski sustav Ubuntu 12.04 ESM. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja ili izvršavanje proizvoljnog programskog koda. Savjetuje se ažuriranje izdanim zakrpama.