Security Advisories (29)
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html
- http://www.securityfocus.com/bid/49858
- http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
- http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
- http://secunia.com/advisories/46172
- https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
- https://bugzilla.redhat.com/show_bug.cgi?id=742987
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
- http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44
- http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
- http://www.securityfocus.com/bid/56287
- http://www.openwall.com/lists/oss-security/2012/10/27/1
- http://secunia.com/advisories/51457
- http://www.openwall.com/lists/oss-security/2012/10/26/2
- http://www.ubuntu.com/usn/USN-1643-1
- http://www.debian.org/security/2012/dsa-2586
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/55314
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
- https://perldoc.perl.org/5.24.1/perldelta
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
- http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
- http://www.debian.org/security/2016/dsa-3628
- http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
- http://www.securityfocus.com/bid/92136
- http://www.securitytracker.com/id/1036440
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/
- https://rt.perl.org/Public/Bug/Display.html?id=127834
- https://security.gentoo.org/glsa/201701-75
- https://security.gentoo.org/glsa/201812-07
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
- http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
- http://www.debian.org/security/2016/dsa-3628
- http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
- http://www.securityfocus.com/bid/92136
- http://www.securitytracker.com/id/1036440
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/
- https://rt.perl.org/Public/Bug/Display.html?id=127834
- https://security.gentoo.org/glsa/201701-75
- https://security.gentoo.org/glsa/201812-07
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
- https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
- https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
- https://github.com/Perl/perl5/issues/16947
- https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
- https://github.com/Perl/perl5/issues/17743
- https://security.netapp.com/advisory/ntap-20200611-0001/
- https://security.gentoo.org/glsa/202006-03
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://perldoc.perl.org/perl5283delta
- https://perldoc.perl.org/perl5303delta
- https://perldoc.perl.org/perl5320delta
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
- https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
- https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
- https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
- https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
- https://security.netapp.com/advisory/ntap-20200611-0001/
- https://security.gentoo.org/glsa/202006-03
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://perldoc.perl.org/perl5283delta
- https://perldoc.perl.org/perl5303delta
- https://perldoc.perl.org/perl5320delta
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
- https://rt.perl.org/Public/Bug/Display.html?id=126755
- https://github.com/Perl/perl5/issues/15067
- https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
- https://www.debian.org/security/2018/dsa-4347
- https://usn.ubuntu.com/3834-2/
- https://rt.perl.org/Ticket/Display.html?id=133204
- https://metacpan.org/changes/release/SHAY/perl-5.28.1
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html
- https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
- https://bugzilla.redhat.com/show_bug.cgi?id=1646730
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- http://www.securityfocus.com/bid/106145
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://access.redhat.com/errata/RHSA-2019:0109
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://support.apple.com/kb/HT209600
- https://seclists.org/bugtraq/2019/Mar/42
- http://seclists.org/fulldisclosure/2019/Mar/49
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:1790
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2019:1942
- https://access.redhat.com/errata/RHSA-2019:2400
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://perldoc.perl.org/perl5281delta
- https://perldoc.perl.org/perl5263delta
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html
- http://www.openwall.com/lists/oss-security/2016/04/20/7
- https://bugzilla.redhat.com/show_bug.cgi?id=1329106
- https://rt.perl.org/Public/Bug/Display.html?id=123562
- http://www.openwall.com/lists/oss-security/2016/04/20/5
- http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/86707
- https://security.gentoo.org/glsa/201701-75
- https://usn.ubuntu.com/3625-2/
- https://usn.ubuntu.com/3625-1/
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
- http://securitytracker.com/id?1023077
- http://www.vupen.com/english/advisories/2009/3023
- http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4
- http://www.securityfocus.com/bid/36812
- https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
- http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/
- http://www.osvdb.org/59283
- http://www.openwall.com/lists/oss-security/2009/10/23/8
- http://secunia.com/advisories/37144
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53939
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
- http://www.dyadsecurity.com/perl-0002.html
- http://www.kb.cert.org/vuls/id/948385
- http://www.securityfocus.com/bid/15629
- http://secunia.com/advisories/17802
- http://secunia.com/advisories/17844
- http://secunia.com/advisories/17762
- http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
- http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
- http://www.trustix.org/errata/2005/0070
- http://secunia.com/advisories/17941
- http://secunia.com/advisories/17952
- http://www.redhat.com/support/errata/RHSA-2005-880.html
- http://www.novell.com/linux/security/advisories/2005_71_perl.html
- http://secunia.com/advisories/18183
- http://secunia.com/advisories/18187
- http://www.redhat.com/support/errata/RHSA-2005-881.html
- http://secunia.com/advisories/18075
- http://www.openbsd.org/errata37.html#perl
- http://secunia.com/advisories/18295
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
- http://www.osvdb.org/21345
- http://www.osvdb.org/22255
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
- http://secunia.com/advisories/18517
- http://secunia.com/advisories/17993
- https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
- http://secunia.com/advisories/19041
- http://www.debian.org/security/2006/dsa-943
- http://secunia.com/advisories/18413
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://www.novell.com/linux/security/advisories/2005_29_sr.html
- http://secunia.com/advisories/20894
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://secunia.com/advisories/23155
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
- http://www.ipcop.org/index.php?name=News&file=article&sid=41
- http://secunia.com/advisories/31208
- http://www.vupen.com/english/advisories/2006/2613
- http://www.vupen.com/english/advisories/2006/0771
- http://www.vupen.com/english/advisories/2006/4750
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
- http://www.vupen.com/english/advisories/2005/2688
- http://marc.info/?l=full-disclosure&m=113342788118630&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
- https://usn.ubuntu.com/222-1/
- http://www.securityfocus.com/archive/1/438726/100/0/threaded
- http://www.securityfocus.com/archive/1/418333/100/0/threaded
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
- http://www.gossamer-threads.com/lists/perl/porters/326387
- http://www.debian.org/security/2016/dsa-3501
- http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/83802
- http://www.ubuntu.com/usn/USN-2916-1
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html
- https://security.gentoo.org/glsa/201701-75
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- https://support.apple.com/kb/HT205031
- http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06
- http://www.securityfocus.com/bid/75704
- http://www.ubuntu.com/usn/USN-2916-1
- https://security.gentoo.org/glsa/201507-11
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
- https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
- https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
- https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
- https://security.netapp.com/advisory/ntap-20200611-0001/
- https://security.gentoo.org/glsa/202006-03
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://perldoc.perl.org/perl5283delta
- https://perldoc.perl.org/perl5303delta
- https://perldoc.perl.org/perl5320delta
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
- https://www.debian.org/security/2018/dsa-4172
- https://rt.perl.org/Public/Bug/Display.html?id=131844
- https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html
- http://www.securitytracker.com/id/1040681
- https://usn.ubuntu.com/3625-2/
- https://usn.ubuntu.com/3625-1/
- http://www.securityfocus.com/bid/103953
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://perldoc.perl.org/perl5244delta
- https://perldoc.perl.org/perl5262delta
- https://github.com/Perl/perl5/issues/16098
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
- https://www.debian.org/security/2018/dsa-4347
- https://rt.perl.org/Ticket/Display.html?id=131649
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f
- https://bugzilla.redhat.com/show_bug.cgi?id=1646751
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- http://www.securityfocus.com/bid/106145
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpujul2020.html
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
- https://www.debian.org/security/2018/dsa-4347
- https://usn.ubuntu.com/3834-2/
- https://rt.perl.org/Ticket/Display.html?id=133192
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
- https://bugzilla.redhat.com/show_bug.cgi?id=1646738
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://support.apple.com/kb/HT209600
- https://seclists.org/bugtraq/2019/Mar/42
- http://seclists.org/fulldisclosure/2019/Mar/49
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpujul2020.html
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
- https://www.debian.org/security/2018/dsa-4347
- https://rt.perl.org/Public/Bug/Display.html?id=133423
- https://metacpan.org/changes/release/SHAY/perl-5.28.1
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://bugzilla.redhat.com/show_bug.cgi?id=1646734
- http://www.securitytracker.com/id/1042181
- https://usn.ubuntu.com/3834-1/
- http://www.securityfocus.com/bid/106179
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0001
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://security.gentoo.org/glsa/201909-01
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://perldoc.perl.org/perl5281delta
- https://perldoc.perl.org/perl5263delta
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
- http://www.securityfocus.com/bid/58311
- http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
- http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
- http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
- http://www.debian.org/security/2013/dsa-2641
- http://secunia.com/advisories/52499
- http://secunia.com/advisories/52472
- https://bugzilla.redhat.com/show_bug.cgi?id=912276
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
- http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
- http://osvdb.org/90892
- http://www.ubuntu.com/usn/USN-1770-1
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
- http://marc.info/?l=bugtraq&m=137891988921058&w=2
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
- http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
- https://bugzilla.redhat.com/show_bug.cgi?id=694166
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
- https://rt.perl.org/Public/Bug/Display.html?id=76538
- https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792
- http://www.debian.org/security/2008/dsa-1556
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html
- http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml
- http://www.securityfocus.com/bid/28928
- http://secunia.com/advisories/29948
- http://secunia.com/advisories/30025
- http://secunia.com/advisories/30326
- http://www.securitytracker.com/id?1020253
- http://www.redhat.com/support/errata/RHSA-2008-0522.html
- http://secunia.com/advisories/30624
- http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm
- http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm
- http://www.ipcop.org/index.php?name=News&file=article&sid=41
- http://secunia.com/advisories/31467
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31604
- http://secunia.com/advisories/31208
- http://secunia.com/advisories/31328
- http://www.vmware.com/security/advisories/VMSA-2008-0013.html
- http://www.redhat.com/support/errata/RHSA-2008-0532.html
- http://secunia.com/advisories/31687
- http://osvdb.org/44588
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:100
- http://www.ubuntu.com/usn/usn-700-1
- http://secunia.com/advisories/33314
- http://wiki.rpath.com/Advisories:rPSA-2009-0011
- http://www.ubuntu.com/usn/usn-700-2
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2009/0422
- http://www.vupen.com/english/advisories/2008/2361
- http://www.vupen.com/english/advisories/2008/2424
- http://www.vupen.com/english/advisories/2008/2265/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41996
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579
- http://www.securityfocus.com/archive/1/500210/100/0/threaded
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
- https://bugzilla.redhat.com/show_bug.cgi?id=323571
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:207
- http://www.redhat.com/support/errata/RHSA-2007-0966.html
- http://www.redhat.com/support/errata/RHSA-2007-1011.html
- http://www.securityfocus.com/bid/26350
- http://secunia.com/advisories/27531
- http://secunia.com/advisories/27546
- https://bugzilla.redhat.com/show_bug.cgi?id=378131
- https://issues.rpath.com/browse/RPL-1813
- http://www.debian.org/security/2007/dsa-1400
- http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
- http://www.ubuntu.com/usn/usn-552-1
- http://securitytracker.com/id?1018899
- http://secunia.com/advisories/27479
- http://secunia.com/advisories/27515
- http://secunia.com/advisories/27548
- http://secunia.com/advisories/27613
- http://secunia.com/advisories/27570
- http://secunia.com/advisories/27936
- http://docs.info.apple.com/article.html?artnum=307179
- ftp://aix.software.ibm.com/aix/efixes/security/README
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://secunia.com/advisories/28167
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html
- http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm
- http://secunia.com/advisories/28368
- http://secunia.com/advisories/28387
- http://secunia.com/advisories/27756
- http://www.vmware.com/security/advisories/VMSA-2008-0001.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1
- http://secunia.com/advisories/28993
- http://secunia.com/advisories/29074
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1
- http://secunia.com/advisories/31208
- http://www.ipcop.org/index.php?name=News&file=article&sid=41
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1
- http://www.vupen.com/english/advisories/2007/4238
- http://www.vupen.com/english/advisories/2008/0064
- http://www.vupen.com/english/advisories/2008/0641
- http://www.vupen.com/english/advisories/2007/3724
- http://www.vupen.com/english/advisories/2007/4255
- http://marc.info/?l=bugtraq&m=120352263023774&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38270
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669
- http://www.securityfocus.com/archive/1/486859/100/0/threaded
- http://www.securityfocus.com/archive/1/485936/100/0/threaded
- http://www.securityfocus.com/archive/1/483584/100/0/threaded
- http://www.securityfocus.com/archive/1/483563/100/0/threaded
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
- https://bugzilla.redhat.com/show_bug.cgi?id=692844
- http://openwall.com/lists/oss-security/2011/04/01/3
- http://openwall.com/lists/oss-security/2011/04/04/35
- https://bugzilla.redhat.com/show_bug.cgi?id=692898
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
- http://secunia.com/advisories/43921
- http://www.securityfocus.com/bid/47124
- http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
- http://secunia.com/advisories/44168
- http://www.debian.org/security/2011/dsa-2265
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
NAME
enc2xs -- Perl Encode Module Generator
SYNOPSIS
enc2xs -[options]
enc2xs -M ModName mapfiles...
enc2xs -C
DESCRIPTION
enc2xs builds a Perl extension for use by Encode from either Unicode Character Mapping files (.ucm) or Tcl Encoding Files (.enc). Besides being used internally during the build process of the Encode module, you can use enc2xs to add your own encoding to perl. No knowledge of XS is necessary.
Quick Guide
If you want to know as little about Perl as possible but need to add a new encoding, just read this chapter and forget the rest.
- 0.
-
Have a .ucm file ready. You can get it from somewhere or you can write your own from scratch or you can grab one from the Encode distribution and customize it. For the UCM format, see the next Chapter. In the example below, I'll call my theoretical encoding myascii, defined in my.ucm.
$is a shell prompt.$ ls -F my.ucm - 1.
-
Issue a command as follows;
$ enc2xs -M My my.ucm generating Makefile.PL generating My.pm generating README generating ChangesNow take a look at your current directory. It should look like this.
$ ls -F Makefile.PL My.pm my.ucm t/The following files were created.
Makefile.PL - MakeMaker script My.pm - Encode submodule t/My.t - test file - 2.
-
Edit the files generated. You don't have to if you have no time AND no intention to give it to someone else. But it is a good idea to edit the pod and to add more tests.
- 3.
-
Now issue a command all Perl Mongers love:
$ perl Makefile.PL Writing Makefile for Encode::My - 4.
-
Now all you have to do is make.
$ make cp My.pm blib/lib/Encode/My.pm /usr/local/bin/perl /usr/local/bin/enc2xs -Q -O \ -o encode_t.c -f encode_t.fnm Reading myascii (myascii) Writing compiled form 128 bytes in string tables 384 bytes (25%) saved spotting duplicates 1 bytes (99.2%) saved using substrings .... chmod 644 blib/arch/auto/Encode/My/My.bs $The time it takes varies depending on how fast your machine is and how large your encoding is. Unless you are working on something big like euc-tw, it won't take too long.
- 5.
-
You can "make install" already but you should test first.
$ make test PERL_DL_NONLAZY=1 /usr/local/bin/perl -Iblib/arch -Iblib/lib \ -e 'use Test::Harness qw(&runtests $verbose); \ $verbose=0; runtests @ARGV;' t/*.t t/My....ok All tests successful. Files=1, Tests=2, 0 wallclock secs ( 0.09 cusr + 0.01 csys = 0.09 CPU) - 6.
-
If you are content with the test result, just "make install"
- 7.
-
If you want to add your encoding to Encode's demand-loading list (so you don't have to "use Encode::YourEncoding"), run
enc2xs -Cto update Encode::ConfigLocal, a module that controls local settings. After that, "use Encode;" is enough to load your encodings on demand.
The Unicode Character Map
Encode uses the Unicode Character Map (UCM) format for source character mappings. This format is used by IBM's ICU package and was adopted by Nick Ing-Simmons for use with the Encode module. Since UCM is more flexible than Tcl's Encoding Map and far more user-friendly, this is the recommended formet for Encode now.
A UCM file looks like this.
#
# Comments
#
<code_set_name> "US-ascii" # Required
<code_set_alias> "ascii" # Optional
<mb_cur_min> 1 # Required; usually 1
<mb_cur_max> 1 # Max. # of bytes/char
<subchar> \x3F # Substitution char
#
CHARMAP
<U0000> \x00 |0 # <control>
<U0001> \x01 |0 # <control>
<U0002> \x02 |0 # <control>
....
<U007C> \x7C |0 # VERTICAL LINE
<U007D> \x7D |0 # RIGHT CURLY BRACKET
<U007E> \x7E |0 # TILDE
<U007F> \x7F |0 # <control>
END CHARMAP
Anything that follows
#is treated as a comment.The header section continues until a line containing the word CHARMAP. This section has a form of <keyword> value, one pair per line. Strings used as values must be quoted. Barewords are treated as numbers. \xXX represents a byte.
Most of the keywords are self-explanatory. subchar means substitution character, not subcharacter. When you decode a Unicode sequence to this encoding but no matching character is found, the byte sequence defined here will be used. For most cases, the value here is \x3F; in ASCII, this is a question mark.
CHARMAP starts the character map section. Each line has a form as follows:
<UXXXX> \xXX.. |0 # comment ^ ^ ^ | | +- Fallback flag | +-------- Encoded byte sequence +-------------- Unicode Character ID in hexThe format is roughly the same as a header section except for the fallback flag: | followed by 0..3. The meaning of the possible values is as follows:
- |0
-
Round trip safe. A character decoded to Unicode encodes back to the same byte sequence. Most characters have this flag.
- |1
-
Fallback for unicode -> encoding. When seen, enc2xs adds this character for the encode map only.
- |2
-
Skip sub-char mapping should there be no code point.
- |3
-
Fallback for encoding -> unicode. When seen, enc2xs adds this character for the decode map only.
And finally, END OF CHARMAP ends the section.
When you are manually creating a UCM file, you should copy ascii.ucm or an existing encoding which is close to yours, rather than write your own from scratch.
When you do so, make sure you leave at least U0000 to U0020 as is, unless your environment is EBCDIC.
CAVEAT: not all features in UCM are implemented. For example, icu:state is not used. Because of that, you need to write a perl module if you want to support algorithmical encodings, notably the ISO-2022 series. Such modules include Encode::JP::2022_JP, Encode::KR::2022_KR, and Encode::TW::HZ.
Coping with duplicate mappings
When you create a map, you SHOULD make your mappings round-trip safe. That is, encode('your-encoding', decode('your-encoding', $data)) eq $data stands for all characters that are marked as |0. Here is how to make sure:
Sort your map in Unicode order.
When you have a duplicate entry, mark either one with '|1' or '|3'.
And make sure the '|1' or '|3' entry FOLLOWS the '|0' entry.
Here is an example from big5-eten.
<U2550> \xF9\xF9 |0
<U2550> \xA2\xA4 |3
Internally Encoding -> Unicode and Unicode -> Encoding Map looks like this;
E to U U to E
--------------------------------------
\xF9\xF9 => U2550 U2550 => \xF9\xF9
\xA2\xA4 => U2550
So it is round-trip safe for \xF9\xF9. But if the line above is upside down, here is what happens.
E to U U to E
--------------------------------------
\xA2\xA4 => U2550 U2550 => \xF9\xF9
(\xF9\xF9 => U2550 is now overwritten!)
The Encode package comes with ucmlint, a crude but sufficient utility to check the integrity of a UCM file. Check under the Encode/bin directory for this.
Bookmarks
ICU Home Page http://oss.software.ibm.com/icu/
ICU Character Mapping Tables http://oss.software.ibm.com/icu/charset/
ICU:Conversion Data http://oss.software.ibm.com/icu/userguide/conversion-data.html
SEE ALSO
7 POD Errors
The following errors were encountered while parsing the POD:
- Around line 1072:
Expected text after =item, not a number
- Around line 1105:
Expected text after =item, not a number
- Around line 1111:
Expected text after =item, not a number
- Around line 1118:
Expected text after =item, not a number
- Around line 1139:
Expected text after =item, not a number
- Around line 1152:
Expected text after =item, not a number
- Around line 1156:
Expected text after =item, not a number
Module Install Instructions
To install if, copy and paste the appropriate command in to your terminal.
cpanm if
perl -MCPAN -e shell
install if
For more information on module installation, please visit the detailed CPAN module installation guide.