[Bug 1646730] CVE-2018-18311 perl:
Integer overflow leading to buffer overflow
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1646730
--- Comment #8 from Doran Moppert <dmoppert(a)redhat.com> ---
Statement:
This vulnerability is present in versions of perl included with Red Hat
Virtualization Hypervisor and Management Appliance, however it is not exposed
in any meaningful way. Perl is only included in these images as a dependency of
components which do not manipulate ENV, and are not exposed to user input. A
future update may address this issue.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1646730] CVE-2018-18311 perl:
Integer overflow leading to buffer overflow
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1646730
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |high
CC| |bmcclain(a)redhat.com,
| |dblechte(a)redhat.com,
| |dfediuck(a)redhat.com,
| |eedri(a)redhat.com,
| |gklein(a)redhat.com,
| |mgoldboi(a)redhat.com,
| |michal.skrivanek(a)redhat.com
| |, sbonazzo(a)redhat.com,
| |sherold(a)redhat.com,
| |yturgema(a)redhat.com
Whiteboard|impact=moderate,public=2018 |impact=important,public=201
|1129,reported=20181105,sour |81129,reported=20181105,sou
|ce=upstream,cvss3=7/CVSS:3. |rce=upstream,cvss3=8.1/CVSS
|0/AV:N/AC:H/PR:N/UI:N/S:U/C |:3.0/AV:N/AC:H/PR:N/UI:N/S:
|:L/I:L/A:H,cwe=CWE-190->CWE |U/C:H/I:H/A:H,cwe=CWE-190->
|-120,rhel-6/perl=wontfix,cf |CWE-120,rhel-6/perl=wontfix
|me-5/perl=new,cfme-6/perl=n |,cfme-5/perl=new,cfme-6/per
|ew,openshift-enterprise-3/p |l=new,openshift-enterprise-
|erl=new,fedora-all/perl=aff |3/perl=new,fedora-all/perl=
|ected,rhel-5/perl=wontfix,r |affected,rhel-5/perl=wontfi
|hel-7/perl=affected,openshi |x,rhel-7/perl=affected,open
|ft-online-3/perl=new,rhel-8 |shift-online-3/perl=new,rhe
|/perl=affected,rhscl-3/rh-p |l-8/perl=affected,rhscl-3/r
|erl526-perl=affected,rhscl- |h-perl526-perl=affected,rhs
|3/rh-perl524-perl=affected |cl-3/rh-perl524-perl=affect
| |ed,rhev-m-4/redhat-virtuali
| |zation-host=defer/impact=lo
| |w,rhev-m-4/rhevm-appliance=
| |defer/impact=low
Severity|medium |high
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1646751] CVE-2018-18314 perl: Heap-based buffer overflow
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1646751
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|bmcclain(a)redhat.com, |
|dblechte(a)redhat.com, |
|dfediuck(a)redhat.com, |
|eedri(a)redhat.com, |
|mgoldboi(a)redhat.com, |
|michal.skrivanek(a)redhat.com |
|, sbonazzo(a)redhat.com, |
|sherold(a)redhat.com |
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1129,reported=20181105,sour |1129,reported=20181105,sour
|ce=upstream,cvss3=7/CVSS:3. |ce=upstream,cvss3=7/CVSS:3.
|0/AV:N/AC:H/PR:N/UI:N/S:U/C |0/AV:N/AC:H/PR:N/UI:N/S:U/C
|:L/I:L/A:H,cwe=CWE-122,rhel |:L/I:L/A:H,cwe=CWE-122,rhel
|-6/perl=notaffected,cfme-5/ |-6/perl=notaffected,cfme-5/
|perl=new,cfme-6/perl=new,op |perl=new,cfme-6/perl=new,op
|enshift-enterprise-3/perl=n |enshift-enterprise-3/perl=n
|ew,fedora-all/perl=affected |ew,fedora-all/perl=affected
|,rhel-5/perl=notaffected,rh |,rhel-5/perl=notaffected,rh
|el-7/perl=notaffected,rhev- |el-7/perl=notaffected,opens
|m-4/perl=notaffected,opensh |hift-online-3/perl=new,rhel
|ift-online-3/perl=new,rhel- |-8/perl=affected,rhscl-3/rh
|8/perl=affected,rhscl-3/rh- |-perl526-perl=affected,rhsc
|perl526-perl=affected,rhscl |l-3/rh-perl524-perl=affecte
|-3/rh-perl524-perl=affected |d
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1646738] CVE-2018-18313 perl: Heap-buffer-overflow read in
regcomp.c
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1646738
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|bmcclain(a)redhat.com, |
|dblechte(a)redhat.com, |
|dfediuck(a)redhat.com, |
|eedri(a)redhat.com, |
|mgoldboi(a)redhat.com, |
|michal.skrivanek(a)redhat.com |
|, sbonazzo(a)redhat.com, |
|sherold(a)redhat.com |
Whiteboard|impact=low,public=20181129, |impact=low,public=20181129,
|reported=20181105,source=up |reported=20181105,source=up
|stream,cvss3=6.5/CVSS:3.0/A |stream,cvss3=6.5/CVSS:3.0/A
|V:N/AC:H/PR:N/UI:N/S:U/C:L/ |V:N/AC:H/PR:N/UI:N/S:U/C:L/
|I:N/A:H,cwe=CWE-125,rhel-6/ |I:N/A:H,cwe=CWE-125,rhel-6/
|perl=notaffected,cfme-5/per |perl=notaffected,cfme-5/per
|l=new,cfme-6/perl=new,opens |l=new,cfme-6/perl=new,opens
|hift-enterprise-3/perl=new, |hift-enterprise-3/perl=new,
|fedora-all/perl=affected,rh |fedora-all/perl=affected,rh
|el-5/perl=notaffected,rhel- |el-5/perl=notaffected,rhel-
|7/perl=notaffected,rhev-m-4 |7/perl=notaffected,openshif
|/perl=notaffected,openshift |t-online-3/perl=new,rhel-8/
|-online-3/perl=new,rhel-8/p |perl=affected,rhscl-3/rh-pe
|erl=affected,rhscl-3/rh-per |rl526-perl=affected,rhscl-3
|l526-perl=affected,rhscl-3/ |/rh-perl524-perl=affected
|rh-perl524-perl=affected |
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1646734] CVE-2018-18312 perl: Heap-buffer-overflow write /
reg_node overrun
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1646734
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|bmcclain(a)redhat.com, |
|dblechte(a)redhat.com, |
|dfediuck(a)redhat.com, |
|eedri(a)redhat.com, |
|mgoldboi(a)redhat.com, |
|michal.skrivanek(a)redhat.com |
|, sbonazzo(a)redhat.com, |
|sherold(a)redhat.com |
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1129,reported=20181105,sour |1129,reported=20181105,sour
|ce=upstream,cvss3=7/CVSS:3. |ce=upstream,cvss3=7/CVSS:3.
|0/AV:N/AC:H/PR:N/UI:N/S:U/C |0/AV:N/AC:H/PR:N/UI:N/S:U/C
|:L/I:L/A:H,cwe=CWE-22,rhel- |:L/I:L/A:H,cwe=CWE-22,rhel-
|6/perl=notaffected,cfme-5/p |6/perl=notaffected,cfme-5/p
|erl=new,cfme-6/perl=new,ope |erl=new,cfme-6/perl=new,ope
|nshift-enterprise-3/perl=ne |nshift-enterprise-3/perl=ne
|w,fedora-all/perl=affected, |w,fedora-all/perl=affected,
|rhel-5/perl=notaffected,rhe |rhel-5/perl=notaffected,rhe
|l-7/perl=notaffected,rhev-m |l-7/perl=notaffected,opensh
|-4/perl=notaffected,openshi |ift-online-3/perl=new,rhel-
|ft-online-3/perl=new,rhel-8 |8/perl=affected,rhscl-3/rh-
|/perl=affected,rhscl-3/rh-p |perl526-perl=affected,rhscl
|erl526-perl=affected,rhscl- |-3/rh-perl524-perl=affected
|3/rh-perl524-perl=affected |
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1646730] CVE-2018-18311 perl:
Integer overflow leading to buffer overflow
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1646730
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|bmcclain(a)redhat.com, |
|dblechte(a)redhat.com, |
|dfediuck(a)redhat.com, |
|eedri(a)redhat.com, |
|mgoldboi(a)redhat.com, |
|michal.skrivanek(a)redhat.com |
|, sbonazzo(a)redhat.com, |
|sherold(a)redhat.com |
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1129,reported=20181105,sour |1129,reported=20181105,sour
|ce=upstream,cvss3=7/CVSS:3. |ce=upstream,cvss3=7/CVSS:3.
|0/AV:N/AC:H/PR:N/UI:N/S:U/C |0/AV:N/AC:H/PR:N/UI:N/S:U/C
|:L/I:L/A:H,cwe=CWE-190->CWE |:L/I:L/A:H,cwe=CWE-190->CWE
|-120,rhel-6/perl=wontfix,cf |-120,rhel-6/perl=wontfix,cf
|me-5/perl=new,cfme-6/perl=n |me-5/perl=new,cfme-6/perl=n
|ew,openshift-enterprise-3/p |ew,openshift-enterprise-3/p
|erl=new,fedora-all/perl=aff |erl=new,fedora-all/perl=aff
|ected,rhel-5/perl=wontfix,r |ected,rhel-5/perl=wontfix,r
|hel-7/perl=affected,rhev-m- |hel-7/perl=affected,openshi
|4/perl=new,openshift-online |ft-online-3/perl=new,rhel-8
|-3/perl=new,rhel-8/perl=aff |/perl=affected,rhscl-3/rh-p
|ected,rhscl-3/rh-perl526-pe |erl526-perl=affected,rhscl-
|rl=affected,rhscl-3/rh-perl |3/rh-perl524-perl=affected
|524-perl=affected |
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months