==========================================================================
Ubuntu Security Notice USN-4602-1
October 26, 2020
perl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Perl.
Software Description:
– perl: Practical Extraction and Report Language
Details:
ManhND discovered that Perl incorrectly handled certain regular
expressions. In environments where untrusted regular expressions are
evaluated, a remote attacker could possibly use this issue to cause Perl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-10543)
Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly
handled certain regular expressions. In environments where untrusted
regular expressions are evaluated, a remote attacker could possibly use
this issue to cause Perl to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2020-10878)
Sergey Aleynikov discovered that Perl incorrectly handled certain regular
expressions. In environments where untrusted regular expressions are
evaluated, a remote attacker could possibly use this issue to cause Perl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-12723)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
perl 5.30.0-9ubuntu0.2
Ubuntu 18.04 LTS:
perl 5.26.1-6ubuntu0.5
Ubuntu 16.04 LTS:
perl 5.22.1-9ubuntu0.9
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4602-1
CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
Package Information:
https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2
https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5
https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+WtgEACgkQZWnYVadE
vpOfrg/+LBhJSw3wFB7o4CzFDyiKcVKPybRqWTs1DXlU12jGFILKAUQxss0FAtlR
dHGPgGiku/+an0YHaZCbiS0rkT/EcwI4recZtSeS/v3377sFKvIPd410zlN49s09
mlIN7fRhnKYj/z7+NwlAoFxqAMkszZrl624YHvaAYt0Vb3zzbUEv1xIVZC7tk5i0
k9Spny71CjiIkA8553R8LRGmd2e2KRbOI4/fpEAlegQfLZv+HXH8D2cfRgH8/koC
bny/X8ljBfBi2s6ETzT0l3eJtlzRlUst3q1EzLV/VewRhI+SxDhhwywROmmpR6nR
g2Av6+Lq24Iij6OVbEmsU+mxtXEIp77zHUpQG0/NtILrccLs1/4mfoSQRYTgpcV7
hs6MxIkadTI2+GbL0yT3bZhLGYQiWUGU4VhxUhZJap8cueUUJDEf+cqfM9gQJUNA
Vf+kSOPZH2b4uNvKpYRZxdi/LE1c1VixnFVrANWQcwQKr7N+fs/xO/NJk3yvQCly
xQwHSxENbp+8CZzuwJ/umFSTpiTRwmMwSdCnHVYp0qbtzauwVE28et96cl4XKDa/
ZIEwyz1GxYqsifxHtKUGNmRWKHYi7j1uBVIxafnUdJ6O3ayRJjLnAMr/HXwo48/M
yLYPE/ysC9eYjggDv4LNFcQI1UMuk3msj5I5wgJnVWGSBSxTMzA=
=2If+
—–END PGP SIGNATURE—–
—