[USN-6517-1] Perl vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Mon Nov 27 15:02:35 UTC 2023

Ubuntu Security Notice USN-6517-1
November 27, 2023

perl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS


Several security issues were fixed in Perl.

Software Description:
- perl: Practical Extraction and Report Language


It was discovered that Perl incorrectly handled printing certain warning
messages. An attacker could possibly use this issue to cause Perl to
consume resources, leading to a denial of service. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-48522)

Nathan Mills discovered that Perl incorrectly handled certain regular
expressions. An attacker could use this issue to cause Perl to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   perl                            5.36.0-9ubuntu1.1

Ubuntu 23.04:
   perl                            5.36.0-7ubuntu0.23.04.2

Ubuntu 22.04 LTS:
   perl                            5.34.0-3ubuntu1.3

Ubuntu 20.04 LTS:
   perl                            5.30.0-9ubuntu0.5

In general, a standard system update will make all the necessary changes.

   CVE-2022-48522, CVE-2023-47038

Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20231127/e02fbe92/attachment.sig>

More information about the ubuntu-security-announce mailing list