1082233 – (CVE-2018-6798) VUL-0: CVE-2018-6798: perl: heap buffer overflow bug

Bug 1082233 (CVE-2018-6798) - VUL-0: CVE-2018-6798: perl: heap buffer overflow bug

Summary: VUL-0: CVE-2018-6798: perl: heap buffer overflow bug

Status:	RESOLVED FIXED

Alias:	CVE-2018-6798

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Michael Schröder
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/200609/
Whiteboard:	CVSSv2:NVD:CVE-2018-6798:5.0:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2018-02-22 08:34 UTC by Karol Babioch
Modified:	2024-07-25 14:58 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-02-22 08:34:28 UTC

This is a heap read overflow bug, reported by Nguyen Duc Manh and
fixed by Yves Orton, Karl Williamson, and Tony Cook.

Here is a technical comment:

    > At minimum this has the potential to cause a segmentation fault,
or to corrupt the arena, leading to a crash further on.
    > Depending on the heap implementation it may be possible to
perform a nastier exploit - an attacker has almost complete control
over the bytes written.

Four patches are included and can be applied to the latest Perl version, 5.27:

  - blead-0002-perl-132063-Heap-buffer-overflow.patch
  - blead-0003-fix-TRIE_READ_CHAR-and-DECL_TRIE_TYPE-to-account-for.patch.
  - blead-0004-perl-132063-we-should-no-longer-warn-for-this-code.patch
  - blead-0005-utf8.c-Don-t-dump-malformation-past-first-NUL.patch

The following can be applied against 5.26:

  - 5.26-0002-perl-132063-Heap-buffer-overflow.patch
  - 5.26-0003-5.26.1-fix-TRIE_READ_CHAR-and-DECL_TRIE_TYPE-to-acco.patch
  - 5.26-0004-perl-132063-we-should-no-longer-warn-for-this-code,patch
  - 5.26-0005-utf8.c-Don-t-dump-malformation-past-first-NUL.patch

The following can be applied against 5.24:

  - 5.24-0002-perl-132063-Heap-buffer-overflow.patch
  - 5.24-0003-v5.24.3-fix-TRIE_READ_CHAR-and-DECL_TRIE_TYPE-to-acc.patch
  - 5.24-0004-perl-132063-we-should-no-longer-warn-for-this-code.p

Comment 17 Johannes Segitz 2018-02-26 13:39:24 UTC

CRD: 2018-03-15

Comment 21 Johannes Segitz 2018-03-20 07:25:56 UTC

CRD: 2018-04-14

Comment 24 Johannes Segitz 2018-04-17 06:10:39 UTC

public

Comment 25 Swamp Workflow Management 2018-04-18 10:15:13 UTC

SUSE-SU-2018:0976-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1082216,1082233
CVE References: CVE-2018-6798,CVE-2018-6913
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    perl-5.10.0-64.81.10.1
SUSE Linux Enterprise Server 11-SP4 (src):    perl-5.10.0-64.81.10.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    perl-5.10.0-64.81.10.1

Comment 26 Swamp Workflow Management 2018-04-25 16:11:31 UTC

SUSE-SU-2018:1074-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1082216,1082233,1082234
CVE References: CVE-2018-6797,CVE-2018-6798,CVE-2018-6913
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    perl-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    perl-5.18.2-12.11.1
SUSE CaaS Platform ALL (src):    perl-5.18.2-12.11.1
OpenStack Cloud Magnum Orchestration 7 (src):    perl-5.18.2-12.11.1

Comment 27 Swamp Workflow Management 2018-04-26 22:10:05 UTC

openSUSE-SU-2018:1095-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1082216,1082233,1082234
CVE References: CVE-2018-6797,CVE-2018-6798,CVE-2018-6913
Sources used:
openSUSE Leap 42.3 (src):    perl-5.18.2-12.1

Comment 30 Swamp Workflow Management 2018-07-17 10:13:54 UTC

SUSE-SU-2018:1972-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1068565,1082216,1082233,1082234,1096718
CVE References: CVE-2018-12015,CVE-2018-6797,CVE-2018-6798,CVE-2018-6913
Sources used:
SUSE OpenStack Cloud 7 (src):    perl-5.18.2-12.14.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    perl-5.18.2-12.14.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    perl-5.18.2-12.14.1
SUSE Linux Enterprise Server 12-SP3 (src):    perl-5.18.2-12.14.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    perl-5.18.2-12.14.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    perl-5.18.2-12.14.1
SUSE Linux Enterprise Server 12-LTSS (src):    perl-5.18.2-12.14.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    perl-5.18.2-12.14.1
SUSE Enterprise Storage 4 (src):    perl-5.18.2-12.14.1
SUSE CaaS Platform ALL (src):    perl-5.18.2-12.14.1
OpenStack Cloud Magnum Orchestration 7 (src):    perl-5.18.2-12.14.1

Comment 31 Swamp Workflow Management 2018-08-20 13:08:09 UTC

SUSE-SU-2018:2447-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1068565,1082216,1082233,1082234,1096718
CVE References: CVE-2018-12015,CVE-2018-6797,CVE-2018-6798,CVE-2018-6913
Sources used:
SUSE CaaS Platform 3.0 (src):    perl-5.18.2-12.17.1

Comment 32 Swamp Workflow Management 2018-10-18 16:20:40 UTC

SUSE-SU-2018:1972-2: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1068565,1082216,1082233,1082234,1096718
CVE References: CVE-2018-12015,CVE-2018-6797,CVE-2018-6798,CVE-2018-6913
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    perl-5.18.2-12.14.1

Comment 34 Maintenance Automation 2024-05-14 08:30:03 UTC

SUSE-SU-2024:1630-1: An update that solves four vulnerabilities can now be installed.

Category: security (important)
Bug References: 1047178, 1082216, 1082233, 1210999
CVE References: CVE-2017-6512, CVE-2018-6798, CVE-2018-6913, CVE-2023-31484
Maintenance Incident: [SUSE:Maintenance:33799](https://smelt.suse.de/incident/33799/)
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 perl-5.26.1-150000.7.18.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 perl-5.26.1-150000.7.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 perl-5.26.1-150000.7.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 35 Maintenance Automation 2024-05-22 16:30:15 UTC

SUSE-SU-2024:1762-1: An update that solves two vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1082216, 1082233, 1213638
CVE References: CVE-2018-6798, CVE-2018-6913
Maintenance Incident: [SUSE:Maintenance:33798](https://smelt.suse.de/incident/33798/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src):
 perl-5.26.1-150300.17.17.1
SUSE Manager Proxy 4.3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Manager Retail Branch Server 4.3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Manager Server 4.3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Enterprise Storage 7.1 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro 5.1 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro 5.2 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 perl-5.26.1-150300.17.17.1
openSUSE Leap 15.3 (src):
 perl-5.26.1-150300.17.17.1
openSUSE Leap Micro 5.3 (src):
 perl-5.26.1-150300.17.17.1
openSUSE Leap Micro 5.4 (src):
 perl-5.26.1-150300.17.17.1
openSUSE Leap 15.5 (src):
 perl-5.26.1-150300.17.17.1
openSUSE Leap 15.6 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro 5.3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro 5.4 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Micro 5.5 (src):
 perl-5.26.1-150300.17.17.1
Basesystem Module 15-SP5 (src):
 perl-5.26.1-150300.17.17.1
Basesystem Module 15-SP6 (src):
 perl-5.26.1-150300.17.17.1
Development Tools Module 15-SP5 (src):
 perl-5.26.1-150300.17.17.1
Development Tools Module 15-SP6 (src):
 perl-5.26.1-150300.17.17.1
SUSE Package Hub 15 15-SP5 (src):
 perl-5.26.1-150300.17.17.1
SUSE Package Hub 15 15-SP6 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 perl-5.26.1-150300.17.17.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src):
 perl-5.26.1-150300.17.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.