perl-32bit-5.38.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13479-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z perl-32bit-5.38.2-1.1 on GA media These are all security issues fixed in the perl-32bit-5.38.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13479 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-47038/ SUSE CVE CVE-2023-47038 page https://www.suse.com/security/cve/CVE-2023-47039/ SUSE CVE CVE-2023-47039 page openSUSE Tumbleweed perl-5.38.2-1.1 perl-32bit-5.38.2-1.1 perl-base-5.38.2-1.1 perl-base-32bit-5.38.2-1.1 perl-doc-5.38.2-1.1 perl-5.38.2-1.1 as a component of openSUSE Tumbleweed perl-32bit-5.38.2-1.1 as a component of openSUSE Tumbleweed perl-base-5.38.2-1.1 as a component of openSUSE Tumbleweed perl-base-32bit-5.38.2-1.1 as a component of openSUSE Tumbleweed perl-doc-5.38.2-1.1 as a component of openSUSE Tumbleweed A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. CVE-2023-47038 openSUSE Tumbleweed:perl-32bit-5.38.2-1.1 openSUSE Tumbleweed:perl-5.38.2-1.1 openSUSE Tumbleweed:perl-base-32bit-5.38.2-1.1 openSUSE Tumbleweed:perl-base-5.38.2-1.1 openSUSE Tumbleweed:perl-doc-5.38.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-47038.html CVE-2023-47038 https://bugzilla.suse.com/1217084 SUSE Bug 1217084 A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. CVE-2023-47039 openSUSE Tumbleweed:perl-32bit-5.38.2-1.1 openSUSE Tumbleweed:perl-5.38.2-1.1 openSUSE Tumbleweed:perl-base-32bit-5.38.2-1.1 openSUSE Tumbleweed:perl-base-5.38.2-1.1 openSUSE Tumbleweed:perl-doc-5.38.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-47039.html CVE-2023-47039 https://bugzilla.suse.com/1217085 SUSE Bug 1217085