=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: perl security update
Advisory ID:       RHSA-2019:0109-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0109
Issue date:        2019-01-21
CVE Names:         CVE-2018-18311
=====================================================================

1. Summary:

An update for perl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

Perl is a high-level programming language that is commonly used for system
administration utilities and web programming.

Security Fix(es):

* perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
(CVE-2018-18311)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank the Perl project for reporting this issue.
Upstream acknowledges Jayakrishna Menon as the original reporter.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv()

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
perl-5.16.3-294.el7_6.src.rpm

noarch:
perl-CPAN-1.9800-294.el7_6.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm
perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm
perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm
perl-IO-Zlib-1.10-294.el7_6.noarch.rpm
perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm
perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm
perl-Module-Loaded-0.08-294.el7_6.noarch.rpm
perl-Object-Accessor-0.42-294.el7_6.noarch.rpm
perl-Package-Constants-0.02-294.el7_6.noarch.rpm
perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

x86_64:
perl-5.16.3-294.el7_6.x86_64.rpm
perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm
perl-core-5.16.3-294.el7_6.x86_64.rpm
perl-debuginfo-5.16.3-294.el7_6.i686.rpm
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-devel-5.16.3-294.el7_6.i686.rpm
perl-devel-5.16.3-294.el7_6.x86_64.rpm
perl-libs-5.16.3-294.el7_6.i686.rpm
perl-libs-5.16.3-294.el7_6.x86_64.rpm
perl-macros-5.16.3-294.el7_6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-tests-5.16.3-294.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
perl-5.16.3-294.el7_6.src.rpm

noarch:
perl-CPAN-1.9800-294.el7_6.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm
perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm
perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm
perl-IO-Zlib-1.10-294.el7_6.noarch.rpm
perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm
perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm
perl-Module-Loaded-0.08-294.el7_6.noarch.rpm
perl-Object-Accessor-0.42-294.el7_6.noarch.rpm
perl-Package-Constants-0.02-294.el7_6.noarch.rpm
perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

x86_64:
perl-5.16.3-294.el7_6.x86_64.rpm
perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm
perl-core-5.16.3-294.el7_6.x86_64.rpm
perl-debuginfo-5.16.3-294.el7_6.i686.rpm
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-devel-5.16.3-294.el7_6.i686.rpm
perl-devel-5.16.3-294.el7_6.x86_64.rpm
perl-libs-5.16.3-294.el7_6.i686.rpm
perl-libs-5.16.3-294.el7_6.x86_64.rpm
perl-macros-5.16.3-294.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-tests-5.16.3-294.el7_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
perl-5.16.3-294.el7_6.src.rpm

noarch:
perl-CPAN-1.9800-294.el7_6.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm
perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm
perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm
perl-IO-Zlib-1.10-294.el7_6.noarch.rpm
perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm
perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm
perl-Module-Loaded-0.08-294.el7_6.noarch.rpm
perl-Object-Accessor-0.42-294.el7_6.noarch.rpm
perl-Package-Constants-0.02-294.el7_6.noarch.rpm
perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

ppc64:
perl-5.16.3-294.el7_6.ppc64.rpm
perl-Time-Piece-1.20.1-294.el7_6.ppc64.rpm
perl-core-5.16.3-294.el7_6.ppc64.rpm
perl-debuginfo-5.16.3-294.el7_6.ppc.rpm
perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm
perl-devel-5.16.3-294.el7_6.ppc.rpm
perl-devel-5.16.3-294.el7_6.ppc64.rpm
perl-libs-5.16.3-294.el7_6.ppc.rpm
perl-libs-5.16.3-294.el7_6.ppc64.rpm
perl-macros-5.16.3-294.el7_6.ppc64.rpm

ppc64le:
perl-5.16.3-294.el7_6.ppc64le.rpm
perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm
perl-core-5.16.3-294.el7_6.ppc64le.rpm
perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm
perl-devel-5.16.3-294.el7_6.ppc64le.rpm
perl-libs-5.16.3-294.el7_6.ppc64le.rpm
perl-macros-5.16.3-294.el7_6.ppc64le.rpm

s390x:
perl-5.16.3-294.el7_6.s390x.rpm
perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm
perl-core-5.16.3-294.el7_6.s390x.rpm
perl-debuginfo-5.16.3-294.el7_6.s390.rpm
perl-debuginfo-5.16.3-294.el7_6.s390x.rpm
perl-devel-5.16.3-294.el7_6.s390.rpm
perl-devel-5.16.3-294.el7_6.s390x.rpm
perl-libs-5.16.3-294.el7_6.s390.rpm
perl-libs-5.16.3-294.el7_6.s390x.rpm
perl-macros-5.16.3-294.el7_6.s390x.rpm

x86_64:
perl-5.16.3-294.el7_6.x86_64.rpm
perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm
perl-core-5.16.3-294.el7_6.x86_64.rpm
perl-debuginfo-5.16.3-294.el7_6.i686.rpm
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-devel-5.16.3-294.el7_6.i686.rpm
perl-devel-5.16.3-294.el7_6.x86_64.rpm
perl-libs-5.16.3-294.el7_6.i686.rpm
perl-libs-5.16.3-294.el7_6.x86_64.rpm
perl-macros-5.16.3-294.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
perl-5.16.3-294.el7_6.src.rpm

aarch64:
perl-5.16.3-294.el7_6.aarch64.rpm
perl-Time-Piece-1.20.1-294.el7_6.aarch64.rpm
perl-core-5.16.3-294.el7_6.aarch64.rpm
perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm
perl-devel-5.16.3-294.el7_6.aarch64.rpm
perl-libs-5.16.3-294.el7_6.aarch64.rpm
perl-macros-5.16.3-294.el7_6.aarch64.rpm

noarch:
perl-CPAN-1.9800-294.el7_6.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm
perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm
perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm
perl-IO-Zlib-1.10-294.el7_6.noarch.rpm
perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm
perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm
perl-Module-Loaded-0.08-294.el7_6.noarch.rpm
perl-Object-Accessor-0.42-294.el7_6.noarch.rpm
perl-Package-Constants-0.02-294.el7_6.noarch.rpm
perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

ppc64le:
perl-5.16.3-294.el7_6.ppc64le.rpm
perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm
perl-core-5.16.3-294.el7_6.ppc64le.rpm
perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm
perl-devel-5.16.3-294.el7_6.ppc64le.rpm
perl-libs-5.16.3-294.el7_6.ppc64le.rpm
perl-macros-5.16.3-294.el7_6.ppc64le.rpm

s390x:
perl-5.16.3-294.el7_6.s390x.rpm
perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm
perl-core-5.16.3-294.el7_6.s390x.rpm
perl-debuginfo-5.16.3-294.el7_6.s390.rpm
perl-debuginfo-5.16.3-294.el7_6.s390x.rpm
perl-devel-5.16.3-294.el7_6.s390.rpm
perl-devel-5.16.3-294.el7_6.s390x.rpm
perl-libs-5.16.3-294.el7_6.s390.rpm
perl-libs-5.16.3-294.el7_6.s390x.rpm
perl-macros-5.16.3-294.el7_6.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm
perl-tests-5.16.3-294.el7_6.ppc64.rpm

ppc64le:
perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm
perl-tests-5.16.3-294.el7_6.ppc64le.rpm

s390x:
perl-debuginfo-5.16.3-294.el7_6.s390x.rpm
perl-tests-5.16.3-294.el7_6.s390x.rpm

x86_64:
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-tests-5.16.3-294.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm
perl-tests-5.16.3-294.el7_6.aarch64.rpm

ppc64le:
perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm
perl-tests-5.16.3-294.el7_6.ppc64le.rpm

s390x:
perl-debuginfo-5.16.3-294.el7_6.s390x.rpm
perl-tests-5.16.3-294.el7_6.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
perl-5.16.3-294.el7_6.src.rpm

noarch:
perl-CPAN-1.9800-294.el7_6.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm
perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm
perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm
perl-IO-Zlib-1.10-294.el7_6.noarch.rpm
perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm
perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm
perl-Module-Loaded-0.08-294.el7_6.noarch.rpm
perl-Object-Accessor-0.42-294.el7_6.noarch.rpm
perl-Package-Constants-0.02-294.el7_6.noarch.rpm
perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm

x86_64:
perl-5.16.3-294.el7_6.x86_64.rpm
perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm
perl-core-5.16.3-294.el7_6.x86_64.rpm
perl-debuginfo-5.16.3-294.el7_6.i686.rpm
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-devel-5.16.3-294.el7_6.i686.rpm
perl-devel-5.16.3-294.el7_6.x86_64.rpm
perl-libs-5.16.3-294.el7_6.i686.rpm
perl-libs-5.16.3-294.el7_6.x86_64.rpm
perl-macros-5.16.3-294.el7_6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm
perl-tests-5.16.3-294.el7_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-18311
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.