[Debian] High CVE: CVE-2023-47038 perl: buffer overflow in a heap allocated buffer

Bug #2052927 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Wentao Zhang
Milestone: (none listed)

Bug Description

CVE-2023-47038: https://nvd.nist.gov/vuln/detail/CVE-2023-47038

A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

Base Score: High

Reference:

libperl5.32_5.32.1-4+deb11u2_amd64.deb ===> libperl5.32_5.32.1-4+deb11u3_amd64.deb
perl_5.32.1-4+deb11u2_amd64.deb ===> perl_5.32.1-4+deb11u3_amd64.deb
perl-base_5.32.1-4+deb11u2_amd64.deb ===> perl-base_5.32.1-4+deb11u3_amd64.deb
perl-modules-5.32_5.32.1-4+deb11u2_all.deb ===> perl-modules-5.32_5.32.1-4+deb11u3_all.deb

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/910297

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/910297
Committed: https://opendev.org/starlingx/tools/commit/0f9413c743d1da5501f0f5fb6b74b1c4606ae3db
Submitter: "Zuul (22348)"
Branch: master

commit 0f9413c743d1da5501f0f5fb6b74b1c4606ae3db
Author: Wentao Zhang <email address hidden>
Date: Tue Feb 27 13:47:44 2024 +0800

    Debian: perl : fix CVE-2023-47038

    Upgrade libperl5.32 to 5.32.1-4+deb11u3
    Upgrade perl to 5.32.1-4+deb11u3
    Upgrade perl-base to 5.32.1-4+deb11u3
    Upgrade perl-modules-5.32 to 5.32.1-4+deb11u3

    Refer to:
    https://nvd.nist.gov/vuln/detail/CVE-2023-47038

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2052927

    Change-Id: I64872f5ff20a18fafcae7f10bf37cc686847140a
    Signed-off-by: Wentao Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Wentao Zhang (wzhang4)
This report contains Public Security information  
Everyone can see this security related information.
