Bug 1658194 - Rebase to latest 5.26 security fix release
Summary: Rebase to latest 5.26 security fix release
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: perl
Version: rh-perl526
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.6
Assignee: perl-maint-list
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks: 1658969
Reported: 2018-12-11 13:35 UTC by Jitka Plesnikova
Modified: 2020-05-05 12:01 UTC

Fixed In Version: rh-perl526-perl-5.26.3-405.el7
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1658969
Environment:
Last Closed: 2020-05-05 12:01:45 UTC
Target Upstream Version:
Embargoed:


Description Jitka Plesnikova 2018-12-11 13:35:25 UTC
RHSCL 3.2 delivers Perl 5.26.1. 

The release 5.26.2 contains fixes for:
CVE-2018-6797 heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
CVE-2018-6798 Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
CVE-2018-6913 heap-buffer-overflow in S_pack_rec
Assertion failure in Perl__core_swash_init (utf8.c)

https://metacpan.org/pod/release/SHAY/perl-5.26.2/pod/perldelta.pod

The latest release is 5.26.3. 
It contains fixes for:

CVE-2018-18311 perl: Integer overflow leading to buffer overflow (BZ#1653528)
- deadline for the CVE is 2018-12-29

CVE-2018-18312 perl: Heap-buffer-overflow write / reg_node overrun (BZ#1653523)
CVE-2018-18313 perl: Heap-buffer-overflow read in regcomp.c (BZ#1653525)
CVE-2018-18314 perl: Heap-based buffer overflow (BZ#1653520)

https://metacpan.org/pod/release/SHAY/perl-5.26.3/pod/perldelta.pod

It would be great to rebase the perl package to deliver the fixed latest stable
release.

