openSUSE-SU-2020:0850

https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod

https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed

https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3

FEDORA-2020-fd73c08076

GLSA-202006-03

https://security.netapp.com/advisory/ntap-20200611-0001/

https://www.oracle.com/security-alerts/cpuoct2020.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl before 5.30.3 has an integer overflow related to mishandling of a 'PL_regkind[OP(n)] == NOTHING' situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Perl before 5.30.3 has an integer overflow related to     mishandling of a 'PL_regkind[OP(n)] == NOTHING'     situation. A crafted regular expression could lead to     malformed bytecode with a possibility of instruction     injection.(CVE-2020-10878)

  - Perl before 5.30.3 on 33-bit platforms allows a     heap-based buffer overflow because nested regular     expression quantifiers have an integer     overflow.(CVE-2020-10543)

  - regcomp.c in Perl before 5.30.3 allows a buffer     overflow via a crafted regular expression because of     recursive S_study_chunk calls.(CVE-2020-12723)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Heap-based buffer overflow in the pack function in Perl     before 5.26.2 allows context-dependent attackers to     execute arbitrary code via a large item     count.(CVE-2018-6913)

  - regcomp.c in Perl before 5.30.3 allows a buffer     overflow via a crafted regular expression because of     recursive S_study_chunk calls.(CVE-2020-12723)

  - Perl before 5.30.3 on 32-bit platforms allows a     heap-based buffer overflow because nested regular     expression quantifiers have an integer     overflow.(CVE-2020-10543)

  - Perl before 5.30.3 has an integer overflow related to     mishandling of a 'PL_regkind[OP(n)] == NOTHING'     situation. A crafted regular expression could lead to     malformed bytecode with a possibility of instruction     injection.(CVE-2020-10878)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Perl before 5.30.3 on 32-bit platforms allows a     heap-based buffer overflow because nested regular     expression quantifiers have an integer     overflow.(CVE-2020-10543)

  - Perl before 5.30.3 has an integer overflow related to     mishandling of a 'PL_regkind[OP(n)] == NOTHING'     situation. A crafted regular expression could lead to     malformed bytecode with a possibility of instruction     injection.(CVE-2020-10878)

  - regcomp.c in Perl before 5.30.3 allows a buffer     overflow via a crafted regular expression because of     recursive S_study_chunk calls.(CVE-2020-12723)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the perl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - Perl before 5.30.3 has an integer overflow related to     mishandling of a 'PL_regkind[OP(n)] == NOTHING'     situation. A crafted regular expression could lead to     malformed bytecode with a possibility of instruction     injection.(CVE-2020-10878)

  - regcomp.c in Perl before 5.30.3 allows a buffer     overflow via a crafted regular expression because of     recursive S_study_chunk calls.(CVE-2020-12723)

  - Perl before 5.30.3 on 32-bit platforms allows a     heap-based buffer overflow because nested regular     expression quantifiers have an integer     overflow.(CVE-2020-10543)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Perl before 5.30.3 has an integer overflow related to     mishandling of a 'PL_regkind[OP(n)] == NOTHING'     situation. A crafted regular expression could lead to     malformed bytecode with a possibility of instruction     injection.(CVE-2020-10878)

  - Perl before 5.30.3 on 33-bit platforms allows a     heap-based buffer overflow because nested regular     expression quantifiers have an integer     overflow.(CVE-2020-10543)

  - regcomp.c in Perl before 5.30.3 allows a buffer     overflow via a crafted regular expression because of     recursive S_study_chunk calls.(CVE-2020-12723)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the perl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - regcomp.c in Perl before 5.30.3 allows a buffer     overflow via a crafted regular expression because of     recursive S_study_chunk calls.(CVE-2020-12723)

  - Perl before 5.30.3 has an integer overflow related to     mishandling of a 'PL_regkind[OP(n)] == NOTHING'     situation. A crafted regular expression could lead to     malformed bytecode with a possibility of instruction     injection.(CVE-2020-10878)

  - Perl before 5.30.3 on 32-bit platforms allows a     heap-based buffer overflow because nested regular     expression quantifiers have an integer     overflow.(CVE-2020-10543)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Perl before 5.30.3 has an integer overflow related to     mishandling of a 'PL_regkind[OP(n)] == NOTHING'     situation. A crafted regular expression could lead to     malformed bytecode with a possibility of instruction     injection.(CVE-2020-10878)

  - Perl before 5.30.3 on 32-bit platforms allows a     heap-based buffer overflow because nested regular     expression quantifiers have an integer     overflow.(CVE-2020-10543)

  - regcomp.c in Perl before 5.30.3 allows a buffer     overflow via a crafted regular expression because of     recursive S_study_chunk calls.(CVE-2020-12723)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for perl fixes the following issues :

  - CVE-2020-10543: Fixed a heap buffer overflow in regular     expression compiler which could have allowed overwriting     of allocated memory with attacker's data (bsc#1171863).

  - CVE-2020-10878: Fixed multiple integer overflows which     could have allowed the insertion of instructions into     the compiled form of Perl regular expression     (bsc#1171864).

  - CVE-2020-12723: Fixed an attacker's corruption of the     intermediate language state of a compiled regular     expression (bsc#1171866).

  - Fixed a bad warning in features.ph (bsc#1172348).

This update was imported from the SUSE:SLE-15:Update update project.

This update for perl fixes the following issues :

CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863).

CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864).

CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866).

Fixed a bad warning in features.ph (bsc#1172348).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for perl fixes the following issues :

CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863).

CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864).

CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866).

Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601).

Some packages make assumptions about the date and time they are built.
This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the perl package has been released.

Fixed CVE-2020-10543, CVE-2020-10878 and CVE-2020-12723

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202006-03 (Perl: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Perl. Please review the       CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
144320	AIX 7.2 TL 3 : perl (IJ26986)	Nessus	AIX Local Security Checks	high
144314	AIX 7.1 TL 5 : perl (IJ26985)	Nessus	AIX Local Security Checks	high
142579	EulerOS Virtualization 3.0.6.6 : perl (EulerOS-SA-2020-2459)	Nessus	Huawei Local Security Checks	high
142313	EulerOS 2.0 SP2 : perl (EulerOS-SA-2020-2380)	Nessus	Huawei Local Security Checks	high
140852	EulerOS 2.0 SP3 : perl (EulerOS-SA-2020-2085)	Nessus	Huawei Local Security Checks	high
140337	EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1967)	Nessus	Huawei Local Security Checks	high
140164	EulerOS 2.0 SP5 : perl (EulerOS-SA-2020-1943)	Nessus	Huawei Local Security Checks	high
139997	EulerOS Virtualization for ARM 64 3.0.6.0 : perl (EulerOS-SA-2020-1894)	Nessus	Huawei Local Security Checks	high
139150	EulerOS 2.0 SP8 : perl (EulerOS-SA-2020-1820)	Nessus	Huawei Local Security Checks	high
138697	openSUSE Security Update : perl (openSUSE-2020-850)	Nessus	SuSE Local Security Checks	high
138277	SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2020:1682-2)	Nessus	SuSE Local Security Checks	high
138276	SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2020:1682-1)	Nessus	SuSE Local Security Checks	high
138271	SUSE SLES12 Security Update : perl (SUSE-SU-2020:1662-1)	Nessus	SuSE Local Security Checks	high
137784	Photon OS 3.0: Perl PHSA-2020-3.0-0104	Nessus	PhotonOS Local Security Checks	high
137719	Photon OS 2.0: Perl PHSA-2020-2.0-0254	Nessus	PhotonOS Local Security Checks	high
137641	Photon OS 1.0: Perl PHSA-2020-1.0-0301	Nessus	PhotonOS Local Security Checks	medium
137437	Fedora 31 : 4:perl (2020-fd73c08076)	Nessus	Fedora Local Security Checks	high
137383	GLSA-202006-03 : Perl: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
137157	Fedora 32 : 4:perl (2020-4021bf2ae8)	Nessus	Fedora Local Security Checks	high

CVE-2020-10543

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins