Security update for perl

Announcement ID:	SUSE-SU-2018:4187-1
Rating:	moderate
References:	bsc#1114674 bsc#1114675 bsc#1114681 bsc#1114686
Cross-References:	CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314
CVSS scores:	CVE-2018-18311 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-18311 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-18312 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-18312 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-18313 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2018-18313 ( NVD ): 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2018-18314 ( SUSE ): 4.5 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-18314 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Basesystem Module 15 Development Tools Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves four vulnerabilities can now be installed.

Description:

This update for perl fixes the following issues:

Secuirty issues fixed:

• CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
• CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675).
• CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681).
• CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2984=1
• Development Tools Module 15
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2984=1

Package List:

• Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
  • perl-debuginfo-5.26.1-7.6.1
  • perl-5.26.1-7.6.1
  • perl-base-5.26.1-7.6.1
  • perl-debugsource-5.26.1-7.6.1
  • perl-base-debuginfo-5.26.1-7.6.1
• Basesystem Module 15 (x86_64)
  • perl-32bit-debuginfo-5.26.1-7.6.1
  • perl-base-32bit-debuginfo-5.26.1-7.6.1
  • perl-base-32bit-5.26.1-7.6.1
• Development Tools Module 15 (noarch)
  • perl-doc-5.26.1-7.6.1

References:

• https://www.suse.com/security/cve/CVE-2018-18311.html
• https://www.suse.com/security/cve/CVE-2018-18312.html
• https://www.suse.com/security/cve/CVE-2018-18313.html
• https://www.suse.com/security/cve/CVE-2018-18314.html
• https://bugzilla.suse.com/show_bug.cgi?id=1114674
• https://bugzilla.suse.com/show_bug.cgi?id=1114675
• https://bugzilla.suse.com/show_bug.cgi?id=1114681
• https://bugzilla.suse.com/show_bug.cgi?id=1114686