As you may have seen in the news just released by the Perl Steering Committee, two new major vulnerabilities were recently identified and patched:
- CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
- CVE-2023-47039 - Perl for Windows binary hijacking vulnerability
We have documented additional details about the CVEs here: https://docs.activestate.com/platform/updates/perl-nov-2023/
Here’s what to do next, if you are:
- Using an ActiveState Community Edition Perl Installer and are concerned about these CVEs, contact us
- On an ActiveState Platform Free Tier Account and want to ensure you or your team are protected against these CVEs, contact us
- On the ActiveState Platform Team Tier or Enterprise Tier, log in to the platform and download the patched versions of Perl 5.32-5.38 for all supported operating systems (Windows, Mac, Linux)
- On the ActiveState Platform Team Tier or Enterprise Tier, but do not have access to end-of-life version support for Perl, contact us