Security update for perl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20334-1 Final 1 1 2025-05-21T15:37:32Z current 2025-05-21T15:37:32Z 2025-05-21T15:37:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for perl This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow with tr// [bsc#1241083] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-330 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520334-1/ Link for SUSE-SU-2025:20334-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039440.html E-Mail link for SUSE-SU-2025:20334-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1241083 SUSE Bug 1241083 https://www.suse.com/security/cve/CVE-2024-56406/ SUSE CVE CVE-2024-56406 page SUSE Linux Micro 6.0 perl-5.38.2-2.1 perl-base-5.38.2-2.1 perl-5.38.2-2.1 as a component of SUSE Linux Micro 6.0 perl-base-5.38.2-2.1 as a component of SUSE Linux Micro 6.0 A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. CVE-2024-56406 SUSE Linux Micro 6.0:perl-5.38.2-2.1 SUSE Linux Micro 6.0:perl-base-5.38.2-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520334-1/ https://www.suse.com/security/cve/CVE-2024-56406.html CVE-2024-56406 https://bugzilla.suse.com/1241083 SUSE Bug 1241083