perl-32bit-5.34.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11158 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z perl-32bit-5.34.0-1.1 on GA media These are all security issues fixed in the perl-32bit-5.34.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11158 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11158 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2005-3962/ SUSE CVE CVE-2005-3962 page https://www.suse.com/security/cve/CVE-2007-5116/ SUSE CVE CVE-2007-5116 page https://www.suse.com/security/cve/CVE-2017-12814/ SUSE CVE CVE-2017-12814 page https://www.suse.com/security/cve/CVE-2017-12837/ SUSE CVE CVE-2017-12837 page https://www.suse.com/security/cve/CVE-2017-12883/ SUSE CVE CVE-2017-12883 page https://www.suse.com/security/cve/CVE-2018-18311/ SUSE CVE CVE-2018-18311 page https://www.suse.com/security/cve/CVE-2018-18312/ SUSE CVE CVE-2018-18312 page https://www.suse.com/security/cve/CVE-2020-10543/ SUSE CVE CVE-2020-10543 page https://www.suse.com/security/cve/CVE-2020-10878/ SUSE CVE CVE-2020-10878 page https://www.suse.com/security/cve/CVE-2020-12723/ SUSE CVE CVE-2020-12723 page openSUSE Tumbleweed perl-5.34.0-1.1 perl-32bit-5.34.0-1.1 perl-base-5.34.0-1.1 perl-base-32bit-5.34.0-1.1 perl-doc-5.34.0-1.1 perl-5.34.0-1.1 as a component of openSUSE Tumbleweed perl-32bit-5.34.0-1.1 as a component of openSUSE Tumbleweed perl-base-5.34.0-1.1 as a component of openSUSE Tumbleweed perl-base-32bit-5.34.0-1.1 as a component of openSUSE Tumbleweed perl-doc-5.34.0-1.1 as a component of openSUSE Tumbleweed Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. CVE-2005-3962 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3962.html CVE-2005-3962 https://bugzilla.suse.com/136360 SUSE Bug 136360 Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. CVE-2007-5116 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-5116.html CVE-2007-5116 https://bugzilla.suse.com/332199 SUSE Bug 332199 https://bugzilla.suse.com/372331 SUSE Bug 372331 https://bugzilla.suse.com/915514 SUSE Bug 915514 Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. CVE-2017-12814 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12814.html CVE-2017-12814 https://bugzilla.suse.com/1057727 SUSE Bug 1057727 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. CVE-2017-12837 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12837.html CVE-2017-12837 https://bugzilla.suse.com/1057724 SUSE Bug 1057724 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. CVE-2017-12883 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12883.html CVE-2017-12883 https://bugzilla.suse.com/1057721 SUSE Bug 1057721 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18311 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18311.html CVE-2018-18311 https://bugzilla.suse.com/1114674 SUSE Bug 1114674 https://bugzilla.suse.com/1132018 SUSE Bug 1132018 Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18312 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18312.html CVE-2018-18312 https://bugzilla.suse.com/1114675 SUSE Bug 1114675 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. CVE-2020-10543 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-10543.html CVE-2020-10543 https://bugzilla.suse.com/1171863 SUSE Bug 1171863 https://bugzilla.suse.com/1225627 SUSE Bug 1225627 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. CVE-2020-10878 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-10878.html CVE-2020-10878 https://bugzilla.suse.com/1171864 SUSE Bug 1171864 https://bugzilla.suse.com/1225627 SUSE Bug 1225627 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. CVE-2020-12723 openSUSE Tumbleweed:perl-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-5.34.0-1.1 openSUSE Tumbleweed:perl-base-32bit-5.34.0-1.1 openSUSE Tumbleweed:perl-base-5.34.0-1.1 openSUSE Tumbleweed:perl-doc-5.34.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12723.html CVE-2020-12723 https://bugzilla.suse.com/1171866 SUSE Bug 1171866 https://bugzilla.suse.com/1225627 SUSE Bug 1225627