VDB
GCVE-110-MAGEIA-2018-47
GCVE-110-MAGEIA-2018-47
Advisory Published
John Lightsey and Todd Rinaldo reported that the opportunistic loading of
optional modules can make many programs unintentionally load code from the
current working directory (which might be changed to another directory
without the user realising) and potentially leading to privilege escalation
(CVE-2016-1238).
The cPanel Security Team reported a time of check to time of use (TOCTTOU)
race condition flaw in File::Path, a core module from Perl to create or
remove directory trees. An attacker can take advantage of this flaw to set
the mode on an attacker-chosen file to a attacker-chosen value
(CVE-2017-6512).
Jakub Wilk reported a heap buffer overflow flaw in the regular expression
compiler, allowing a remote attacker to cause a denial of service via a
specially crafted regular expression with the case-insensitive modifier
(CVE-2017-12837).
Jakub Wilk reported a buffer over-read flaw in the regular expression
parser, allowing a remote attacker to cause a denial of service or
information leak (CVE-2017-12883).
The perl-libintl-perl, perl-MIME-Charset, perl-MIME-EncWords,
perl-Module-Build, perl-Sys-Syslog, and perl-Unicode-LineBreak packages
have been patched and the perl-Module-Load-Conditional and perl-Net-DNS
packages have been updated to fix CVE-2016-1238 as well.
The perl-File-Path package has also been patched to fix CVE-2017-6512.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | perl-Youri-Package | 0 (affected), 0.2.4-8.1.mga6 (unaffected) | — |
| Mageia | perl-Unicode-LineBreak | 0 (affected), 0 (affected), 2014.60.0-5.1.mga5 (unaffected), 2014.60.0-5.1.mga5 (unaffected) | — |
| Mageia | perl | 0 (affected), 5.20.1-8.7.mga5 (unaffected), 0 (affected), 5.20.1-8.7.mga5 (unaffected) | — |
| Mageia | rpmlint-mageia-policy | 0 (affected), 0.2.29-2.1.mga6 (unaffected) | — |
| Mageia | perl-MIME-EncWords | 0 (affected), 1.14.2-4.1.mga5 (unaffected), 0 (affected), 1.14.2-4.1.mga5 (unaffected) | — |
| Mageia | perl-Net-DNS | 1.90.0-0.mga5 (unaffected), 1.90.0-0.mga5 (unaffected), 0 (affected), 0 (affected) | — |
| Mageia | perl-libintl-perl | 0 (affected), 1.230.0-6.1.mga5 (unaffected), 0 (affected), 1.230.0-6.1.mga5 (unaffected) | — |
| Mageia | perl-MIME-Charset | 0 (affected), 1.11.1-4.1.mga5 (unaffected), 0 (affected), 1.11.1-4.1.mga5 (unaffected) | — |
| Mageia | perl-Module-Build | 0 (affected), 0.421.0-5.1.mga5 (unaffected), 0 (affected), 0.421.0-5.1.mga5 (unaffected) | — |
| Mageia | perl-Sys-Syslog | 0 (affected), 0.330.0-7.1.mga5 (unaffected), 0 (affected), 0.330.0-7.1.mga5 (unaffected) | — |
| Mageia | perl-File-Path | 0 (affected), 2.90.0-4.1.mga5 (unaffected), 0 (affected), 2.90.0-4.1.mga5 (unaffected) | — |
| Mageia | perl-Module-Load-Conditional | 0 (affected), 0.680.0-1.mga5 (unaffected), 0 (affected), 0.680.0-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.