Perl CVEs CVE-2018-12015, CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314

Posted by anania on 2018-12-14 05:17

Hello, I wanted to see if there was a way to verify whether ActivePerl is vulnerable to the Perl CVEs CVE-2018-12015, CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, and CVE-2018-18314.

I do have an older version of ActivePerl on my Windows 7 systems (5.10.1.1006), I see that up to 5.26.1.2601 is downloadable from the ActivePerl site. I looked in the Release Notes for 5.26 but there was no mention whether any CVEs were addressed. I hadn't yet been able to locate release notes for older versions.

grahams
ActiveState Staff
Fri, 2018-12-14 09:03

https://metacpan.org/changes/release/SHAY/perl-5.26.3
from upstream.

Unless you have a version of Perl from before the bugs were introduced (unlikely), they will affect you.

ActivePerl 5.26.3.2603 is being tested for release.

ActivePerl 5.26.3 will get these fixes from upstream. They will not be back-ported for Community or Business Edition versions prior to 5.26.3. If you want the fixes, you must upgrade.