author | Steve Hay <steve.m.hay@googlemail.com> | 2018-11-07 21:10:42 +0000 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2018-11-07 21:10:42 +0000 |
commit | b1f92e56d2e54dea1e73475cbc081c03f68ef643 (patch) | |
tree | 5318be655ee85e0a8477a6d00dcc9258c9b101f5 | |
parent | 87e6afe6bc167de5f4fb64f30cbff214c822d4a8 (diff) | |
download | perl-b1f92e56d2e54dea1e73475cbc081c03f68ef643.tar.gz |
perldelta - Updates for security fixes and diagnostics
-rw-r--r-- | pod/perldelta.pod | 73 |
1 files changed, 64 insertions, 9 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index ab8215f44a..da8b4d76e7 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod 
@@ -14,9 +14,44 @@ L<perl5262delta>, which describes differences between 5.26.1 and 5.26.2. =head1 Security -=head2 XXX +=head2 [CVE-2018-12015] Directory traversal in module Archive::Tar -XXX +By default, L<Archive::Tar> doesn't allow extracting files outside the current +working directory. However, this secure extraction mode could be bypassed by +putting a symlink and a regular file with the same name into the tar file. + +L<[perl #133250]|https://rt.perl.org/Ticket/Display.html?id=133250> +L<[cpan #125523]|https://rt.cpan.org/Ticket/Display.html?id=125523> + +=head2 [CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault + +Integer arithmetic in C<Perl_my_setenv()> could wrap when the combined length +of the environment variable name and value exceeded around 0x7fffffff. This +could lead to writing beyond the end of an allocated buffer with attacker +supplied data. + +L<[perl #133204]|https://rt.perl.org/Ticket/Display.html?id=133204> + +=head2 [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c) + +A crafted regular expression could cause heap-buffer-overflow write during +compilation, potentially allowing arbitrary code execution. + +L<[perl #133423]|https://rt.perl.org/Ticket/Display.html?id=133423> + +=head2 [CVE-2018-18313] Heap-buffer-overflow read in S_grok_bslash_N (regcomp.c) + +A crafted regular expression could cause heap-buffer-overflow read during +compilation, potentially leading to sensitive information being leaked. + +L<[perl #133192]|https://rt.perl.org/Ticket/Display.html?id=133192> + +=head2 [CVE-2018-18314] Heap-buffer-overflow write in S_regatom (regcomp.c) + +A crafted regular expression could cause heap-buffer-overflow write during +compilation, potentially allowing arbitrary code execution. + +L<[perl #131649]|https://rt.perl.org/Ticket/Display.html?id=131649> =head1 Incompatible Changes 
@@ -54,27 +89,47 @@ diagnostic messages, see L<perldiag>. =item * -XXX L<message|perldiag/"message"> +L<Unexpected ']' with no following ')' in (?[... in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>|perldiag/"Unexpected ']' with no following ')' in (?[... in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>"> -=back +(F) While parsing an extended character class a ']' character was encountered +at a point in the definition where the only legal use of ']' is to close the +character class definition as part of a '])', you may have forgotten the close +paren, or otherwise confused the parser. -=head2 Changes to Existing Diagnostics +=item * -=over 4 +L<Expecting close paren for nested extended charclass in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>|perldiag/"Expecting close paren for nested extended charclass in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>"> + +(F) While parsing a nested extended character class like: + + (?[ ... (?flags:(?[ ... ])) ... ]) + ^ + +we expected to see a close paren ')' (marked by ^) but did not. =item * -XXX Describe change here +L<Expecting close paren for wrapper for nested extended charclass in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>|perldiag/"Expecting close paren for wrapper for nested extended charclass in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>"> + +(F) While parsing a nested extended character class like: + + (?[ ... (?flags:(?[ ... ])) ... ]) + ^ + +we expected to see a close paren ')' (marked by ^) but did not. =back -=head1 Selected Bug Fixes +=head2 Changes to Existing Diagnostics =over 4 =item * -XXX +L<Syntax error in (?[...]) in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>|perldiag/"Syntax error in (?[...]) in regex; marked by E<lt>-- HERE in mE<sol>%sE<sol>"> + +This fatal error message has been slightly expanded (from "Syntax error in +(?[...]) in regex mE<sol>%sE<sol>") for greater clarity. =back |
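Review bot: In the Security hunk (@@ -14,9 +14,44 @@), the CVE-2018-18312 and CVE-2018-18314 entries carry the same heading, "Heap-buffer-overflow write in S_regatom (regcomp.c)", and the same body text, so only the ticket number (#133423 vs #131649) tells them apart. Add a phrase to each entry saying what distinguishes it, or state explicitly that these are two separate defects in the same function, so a reader matching a CVE to a patch is not left guessing. The Archive::Tar entry also does not name the module version that carries the fix, which is the first thing someone checking a bundled copy will look for. Minor: "attacker supplied data" should be hyphenated as "attacker-supplied data", and "exceeded around 0x7fffffff" would read more precisely with the exact condition stated.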
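Review bot: In the diagnostics hunk (@@ -54,27 +89,47 @@), the two "Expecting close paren ..." entries have word-for-word identical explanations, so the reader depends entirely on where the ^ sits under the sample pattern to tell which ')' each message refers to. Say it in words as well (which paren closes the nested extended charclass and which closes its "(?flags:" wrapper), since caret alignment is easily lost when the POD is rendered or reflowed. In the first new entry, "as part of a '])', you may have forgotten the close paren" is a comma splice; start a new sentence at "You may have forgotten". The hunk also drops the "=head1 Selected Bug Fixes" section along with its XXX placeholder; confirm that removing the heading is intended and not only the placeholder.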