Ubuntu Security Notice USN-4602-2

Ubuntu Security Notice USN-4602-2: Posted Oct 27, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4602-2 - USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary, perl, vulnerability; systems | linux, ubuntu; advisories | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723; SHA-256 | 86b1279f5ba83fe76fe52f2395906c7367643ef255456da358314e985b840833; Download | Favorite | View

Ubuntu Security Notice USN-4602-2

=========================================================================
Ubuntu Security Notice USN-4602-2
October 27, 2020

perl vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Perl.

Software Description:
- perl: Practical Extraction and Report Language

Details:

USN-4602-1 fixed several vulnerabilities in Perl. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.


Original advisory details:

 ManhND discovered that Perl incorrectly handled certain regular
 expressions. In environments where untrusted regular expressions are
 evaluated, a remote attacker could possibly use this issue to cause Perl to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code. (CVE-2020-10543)

 Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly
 handled certain regular expressions. In environments where untrusted
 regular expressions are evaluated, a remote attacker could possibly use
 this issue to cause Perl to crash, resulting in a denial of service, or
 possibly execute arbitrary code. (CVE-2020-10878)

 Sergey Aleynikov discovered that Perl incorrectly handled certain regular
 expressions. In environments where untrusted regular expressions are
 evaluated, a remote attacker could possibly use this issue to cause Perl to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code. (CVE-2020-12723)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  perl                            5.18.2-2ubuntu1.7+esm3

Ubuntu 12.04 ESM:
  perl                            5.14.2-6ubuntu2.11

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4602-2
  https://usn.ubuntu.com/4602-1
  CVE-2020-10543, CVE-2020-10878, CVE-2020-12723

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-4602-2

Ubuntu Security Notice USN-4602-2

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-4602-2

Share This

Ubuntu Security Notice USN-4602-2

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems