Ubuntu Security Notice 3625-2 - USN-3625-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. Various other issues were also addressed.
ff8ba6835c5471028b08121523dc8369b5986ca2bddf697ecf88fada90834e01
==========================================================================
Ubuntu Security Notice USN-3625-2
April 17, 2018
perl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Perl.
Software Description:
- perl: Practical Extraction and Report Language
Details:
USN-3625-1 fixed a vulnerability in Perl. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Perl incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause Perl
to hang, resulting in a denial of service. (CVE-2015-8853)
It was discovered that Perl incorrectly loaded libraries from the
current working directory. A local attacker could possibly use this
issue to execute arbitrary code. (CVE-2016-6185)
It was discovered that Perl incorrectly handled the rmtree and
remove_tree functions. A local attacker could possibly use this issue
to set the mode on arbitrary files. (CVE-2017-6512)
GwanYeong Kim discovered that Perl incorrectly handled certain data
when using the pack function. An attacker could use this issue to
cause Perl to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2018-6913)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
perl 5.14.2-6ubuntu2.7
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3625-2
https://usn.ubuntu.com/usn/usn-3625-1
CVE-2015-8853, CVE-2016-6185, CVE-2017-6512, CVE-2018-6913