Upstream information

CVE-2007-5116 at MITRE

Description

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 332199 [RESOLVED / FIXED], 372331 [RESOLVED / FIXED], 915514 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • perl >= 5.10.0-64.47.8
  • perl-32bit >= 5.10.0-64.47.8
  • perl-base >= 5.10.0-64.47.8
  • perl-doc >= 5.10.0-64.47.8
  • perl-x86 >= 5.10.0-64.47.8
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA perl-32bit
SUSE Linux Enterprise Server 11 SP2
  • perl >= 5.10.0-64.55.1
  • perl-32bit >= 5.10.0-64.55.1
  • perl-base >= 5.10.0-64.55.1
  • perl-doc >= 5.10.0-64.55.1
  • perl-x86 >= 5.10.0-64.55.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA perl-32bit
SUSE Linux Enterprise Server 11 SP3
  • perl >= 5.10.0-64.67.52
  • perl-32bit >= 5.10.0-64.67.52
  • perl-Module-Build >= 0.2808.01-0.67.52
  • perl-Test-Simple >= 0.72-0.67.52
  • perl-base >= 5.10.0-64.67.52
  • perl-doc >= 5.10.0-64.67.52
  • perl-x86 >= 5.10.0-64.67.52
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA perl-32bit
SUSE Linux Enterprise Server 11 SP4
  • perl >= 5.10.0-64.72.1
  • perl-32bit >= 5.10.0-64.72.1
  • perl-Module-Build >= 0.2808.01-0.72.1
  • perl-Test-Simple >= 0.72-0.72.1
  • perl-base >= 5.10.0-64.72.1
  • perl-doc >= 5.10.0-64.72.1
  • perl-x86 >= 5.10.0-64.72.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA perl-32bit
SUSE Linux Enterprise Software Development Kit 11 SP4
  • perl-base-32bit >= 5.10.0-64.72.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA perl-base-32bit
SUSE LINUX 10.0
  • perl >= 5.8.7-5.6
  • perl-32bit >= 5.8.7-5.6
  • perl-64bit >= 5.8.7-5.6
SUSE LINUX 10.1
  • perl >= 5.8.8-14.7
  • perl-32bit >= 5.8.8-14.7
  • perl-64bit >= 5.8.8-14.7
SUSE LINUX Retail Solution 8
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • perl >= 5.8.0-209
sles9-oes.x86
core9.s390
ul1.s390
slrs8.x86
sled10.x86
sles10.s390x
ZYPP Patch Nr: 4665
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • perl >= 5.8.3-32.12
sles9-oes.x86
core9.s390
ul1.s390
slrs8.x86
sled10.x86
sles10.s390x
ZYPP Patch Nr: 4665
Novell Linux Desktop 9 for x86_64
  • perl >= 5.8.3-32.12
  • perl-32bit >= 9-200711080056
sles9-oes.x86
core9.s390
ul1.s390
slrs8.x86
sled10.x86
sles10.s390x
ZYPP Patch Nr: 4665