SB2018041613 - Fedora 26 update for perl, perl-Module-CoreList
Published: April 16, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018041613
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2018-6913)
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow. A local attacker can exploit a specially crafted pack() function, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
2) Heap-based buffer over-read (CVE-ID: CVE-2018-6798)
The vulnerability allows a local attacker to obtain potentially sensitive information or execute arbitrary code on the target system.The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
3) Heap-based buffer overflow (CVE-ID: CVE-2018-6797)
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.The weakness exists in S_regatom() in 'regcomp.c' due to heap-based buffer overflow. A local attacker can exploit a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.