Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 653432 (CVE-2018-6797, CVE-2018-6798, CVE-2018-6913)

Summary: <dev-lang/perl-{5.24.4,5.26.2}: multiple vulnerabilities (CVE-2018-{6797,6798,6913})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kfm, nobrowser
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/8033
Whiteboard: A3 [glsa+ cve]
Package list:
dev-lang/perl-5.24.4 dev-lang/perl-5.26.2
Runtime testing required: Yes

Description GLSAMaker/CVETool Bot gentoo-dev 2018-04-17 19:43:56 UTC
Incoming details.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-04-17 19:47:31 UTC
[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)

[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)

[CVE-2018-6913] heap-buffer-overflow in S_pack_rec
Comment 2 Larry the Git Cow gentoo-dev 2018-04-23 18:29:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24ba795334144fc8887cc7d9e5b61e55725c93a4

commit 24ba795334144fc8887cc7d9e5b61e55725c93a4
Author:     Kent Fredric <kentnl@gentoo.org>
AuthorDate: 2018-04-17 05:03:07 +0000
Commit:     Kent Fredric <kentnl@gentoo.org>
CommitDate: 2018-04-23 18:27:25 +0000

    dev-lang/perl: Bump to version 5.26.2
    
    - Update to perlcross 1.1.9
    - Fold no-nsl patches into tarball
    - Sync 5.26.9999 ebuild with non-maintainer commits
    
    Upstream:
    - Fix for [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
      S_regatom (regcomp.c)
    - Fix for [CVE-2018-6798] Heap-buffer-overflow in
      Perl__byte_dump_string (utf8.c)
    - Fix for [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
    - Fix for Assertion failure in Perl__core_swash_init (utf8.c)
    - Updated Modules:
      * PerlIO::via -> 0.17
      * Term::ReadLine -> 1.17
      * Unicode::UCD -> 0.69
    - Documentation fixes in perluniprops
    - Fix win32 VC++ compiler detection on non-english systems
    - Set correct $Config{libpth} w/ VC++ < 14.1
    - Prevent readpipe() corrupting stack at runtime via scalar check at
      compile time
    - Fixed a use after free bug in pp_list
    - Fix a use-after-free w/ sub keyword followed by newlines and comments
    - Tokenizer correctly adjusts parse pointer when skipping whitespace in
      an identifier
    - Accesses to ${^LAST_FH} no longer asserts after IO ops on non-glob
    - Sort correctly reference counts aliased $a and $b
    - Certain convoluted regexps no longer cause arithmetic overflow when
      compiled
    - Fix duplicate symbol failure with -flto -mieee-fp
    - Fix null pointer deref in S_regmatch
    - Escallate compilation failures within string interpolation etc, to
      occur earlier as to not confuse the compiler and crash perl
    
    Bug: https://bugs.gentoo.org/653432
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-lang/perl/Manifest              |   3 +-
 dev-lang/perl/perl-5.26.2.ebuild    | 637 ++++++++++++++++++++++++++++++++++++
 dev-lang/perl/perl-5.26.9999.ebuild |  22 +-
 3 files changed, 656 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14eb27172e9fc3a68a0df8b2c35ab4d03987e243

commit 14eb27172e9fc3a68a0df8b2c35ab4d03987e243
Author:     Kent Fredric <kentnl@gentoo.org>
AuthorDate: 2018-04-17 01:48:48 +0000
Commit:     Kent Fredric <kentnl@gentoo.org>
CommitDate: 2018-04-23 18:27:22 +0000

    dev-lang/perl: Bump to version 5.24.4
    
    - Switch to cross-perl 1.1.9
    - Merge libnsl patch into patchball
    
    Upstream:
    - Fixes for [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1)
      in S_regatom (regcomp.c)
    - Fixes for [CVE-2018-6798] Heap-buffer-overflow in
      Perl__byte_dump_string (utf8.c)
    - Fixes for [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
    - Fixes for Assertion failure in Perl__core_swash_init (utf8.c)
    - Avoid corrupting the stack at runtime with readpipe() by checking
      parameters at compile-time
    
    Bug: https://bugs.gentoo.org/653432
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-lang/perl/Manifest           |   3 +
 dev-lang/perl/perl-5.24.4.ebuild | 570 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 573 insertions(+)}
Comment 3 Andreas K. Hüttel gentoo-dev 2019-04-06 20:28:56 UTC
@security:  5.26.2 is stable now

Cleanup may still take some time (it's a lot of work because of the virtuals). So it's probably better if you proceed.

Nothing to do for perl here anymore.
Comment 4 Larry the Git Cow gentoo-dev 2019-05-11 16:21:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c066643dc05b77af353f73183efbce2dff66da04

commit c066643dc05b77af353f73183efbce2dff66da04
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2019-05-11 16:17:48 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2019-05-11 16:21:07 +0000

    package.mask: Mask Perl 5.24 and friends for removal
    
    Bug: https://bugs.gentoo.org/653432
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
Comment 5 Andreas K. Hüttel gentoo-dev 2019-05-11 16:30:29 UTC
@security please proceed
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2019-09-06 16:15:45 UTC
This issue was resolved and addressed in
 GLSA 201909-01 at https://security.gentoo.org/glsa/201909-01
by GLSA coordinator Thomas Deutschmann (whissi).