[USN-3684-2] Perl vulnerability


–===============6521410847995400125==
Content-Type: multipart/signed; micalg=”pgp-sha256″;
protocol=”application/pgp-signature”; boundary=”=-4z0jpu6bY28WBsqt6RBt”

–=-4z0jpu6bY28WBsqt6RBt
Content-Type: text/plain; charset=”UTF-8″
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3684-2
June 13, 2018

perl vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Perl could be made to overwrite arbitrary files if it received
a specially crafted archive file.

Software Description:
– perl: Practical Extraction and Report Language

Details:

USN-3684-1 fixed a vulnerability in perl. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

=C2=A0It was discovered that Perl incorrectly handled certain archive files=
.
=C2=A0An attacker could possibly use this to overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
=C2=A0 perl=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A05.14.2-6ubuntu2.8

In general, a standard system update will make all the necessary
changes.

References:
=C2=A0 https://usn.ubuntu.com/usn/usn-3684-2
=C2=A0 https://usn.ubuntu.com/usn/usn-3684-1
=C2=A0 CVE-2018-12015
–=-4z0jpu6bY28WBsqt6RBt
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbIWZdAAoJEEW851uECx9pcv4P/3Z1mCN013WmLHJ7aH3ZGEvP
gluE+c9YoHxBhKtyD5DsRArN9kSEx9u8C2O+LO9GzV/PtQp0YUdoUVTYrNVluEMh
gu83JMvQDx4KbIWOICY1Fhz6/P+3bLbMOu2vH9K/HfkF/62KQvX4KW71qTwkPx34
ImjdBlJTVQ1ZdjpbFhammQ1jGL2ZMfpMPlHhpq78Dnq97qQIJZdnpxHVoqSy1KAm
IZGJaWFovUfMPz69nmX7LN8B9QFPDKa+HFlmqod8ubu1SK6a5MnWzjQ7yD3KYl1k
tyH7VX8VLK6VG9PEIGIRoGSPheMVMVM69scNiDQ+XiaPac0ql3/ozzPHi12CPkZz
iSTNiwuCGCZ1XfmJIulSZIi3MUzU9tWJB2iHHZmed1oDFLXTwhIr1dU4NsaB3CtG
8doRXSATbPmXfxnTRbKFGe3ShKKbARrzUR0q80sd7IqiVpo6tuDQZ4E53YO1dHfF
dI7vHsE9fFiLxBAXGvJNykshUeO3QSRiYe9HBpNkxmcbxSwrqGYIaXHeQrkbeZIQ
8hNkFUAS9Vg+Ub6y51HCo+Q8kKeS/7vHvHlwBDpb7T2OKxrTZWGzYlX7z5Mb84/+
LfaC74G8FRZ0ZAA9B0BThOknCtzCcOb/qE4udMu55tCz9ylsnQqGZuLqsejo8GDP
7lLoR6Dqaz72lgpAtfcr
=TAi6
—–END PGP SIGNATURE—–

–=-4z0jpu6bY28WBsqt6RBt–

–===============6521410847995400125==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============6521410847995400125==–