[Bug 1646730] CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv()

https://bugzilla.redhat.com/show_bug.cgi?id=1646730

Paul Harvey <pharvey@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=important,public=201 |impact=important,public=201
                   |81129,reported=20181105,sou |81129,reported=20181105,sou
                   |rce=upstream,cvss3=8.1/CVSS |rce=upstream,cvss3=8.1/CVSS
                   |:3.0/AV:N/AC:H/PR:N/UI:N/S: |:3.0/AV:N/AC:H/PR:N/UI:N/S:
                   |U/C:H/I:H/A:H,cwe=CWE-190-> |U/C:H/I:H/A:H,cwe=CWE-190->
                   |CWE-120,rhel-6/perl=wontfix |CWE-120,rhel-6/perl=wontfix
                   |,openshift-enterprise-3/per |,openshift-enterprise-3/per
                   |l=new,fedora-all/perl=affec |l=notaffected,fedora-all/pe
                   |ted,rhel-5/perl=wontfix,rhe |rl=affected,rhel-5/perl=won
                   |l-7/perl=affected,openshift |tfix,rhel-7/perl=affected,o
                   |-online-3/perl=new,rhel-8/p |penshift-online-3/perl=nota
                   |erl=affected,rhscl-3/rh-per |ffected,rhel-8/perl=affecte
                   |l526-perl=affected,rhscl-3/ |d,rhscl-3/rh-perl526-perl=a
                   |rh-perl524-perl=affected,rh |ffected,rhscl-3/rh-perl524-
                   |ev-m-4/redhat-virtualizatio |perl=affected,rhev-m-4/redh
                   |n-host=defer/impact=low,rhe |at-virtualization-host=defe
                   |v-m-4/rhvm-appliance=defer/ |r/impact=low,rhev-m-4/rhvm-
                   |impact=low,rhel-8/perl:5.24 |appliance=defer/impact=low,
                   |/perl=affected              |rhel-8/perl:5.24/perl=affec
                   |                            |ted



--- Comment #13 from Paul Harvey <pharvey@xxxxxxxxxx> ---
openshift-enterprise-3: notaffected. I reviewed OpenShift containers for
applications with dependencies on perl and was unable to identify any where the
perl interpreter would be exposed to attacker-controlled environment variables
which could expose this flaw. I have not filed trackers as these images will
inherit the existing perl fixes next time they are respun. See also
https://access.redhat.com/articles/2803031

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx



