UbuntuUpdates.org

Package "perl-base"

Name: perl-base

Description:

minimal Perl system
Latest version: 5.38.2-3.2ubuntu0.2
Release: noble (24.04)
Level: security
Repository: main
Head package: perl
Homepage: http://dev.perl.org/perl5/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "perl-base"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "perl-base" in Noble

Repository Area Version
base main 5.38.2-3.2build2
updates main 5.38.2-3.2ubuntu0.2

Changelog

Version: 5.38.2-3.2ubuntu0.2 2025-07-29 19:07:26 UTC

  perl (5.38.2-3.2ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: threads race condition in file operations
    - debian/patches/fixes/CVE-2025-40909-metaconfig.diff: check for
      fdopendir in regen-configure/U/perl/d_fdopendir.U.
    - debian/patches/fixes/CVE-2025-40909-1.diff: clone dirhandles without
      fchdir in Configure, Cross/config.sh-arm-linux,
      Cross/config.sh-arm-linux-n770, Porting/Glossary, Porting/config.sh,
      config_h.SH, configure.com, plan9/config_sh.sample, sv.c,
      t/op/threads-dirh.t, win32/config.gc, win32/config.vc.
    - debian/patches/fixes/CVE-2025-40909-2.diff: minor corrections in
      Cross/config.sh-arm-linux, Cross/config.sh-arm-linux-n770,
      config_h.SH,plan9/config_sh.sample.
    - debian/patches/fixes/CVE-2025-40909-3.diff: use PerlLIO_dup_cloexec
      in Perl_dirp_dup to set O_CLOEXEC in sv.c.
    - debian/patches/fixes/CVE-2025-40909-metaconfig-reorder.diff: slightly
      reorder Configure and config_h.SH to match metaconfig output in
      Configure, config_h.SH.
    - debian/patches/fixes/CVE-2025-40909-generated.diff: update generated
      files and checksums in uconfig.sh, uconfig64.sh, uconfig.h.
    - CVE-2025-40909

 -- Marc Deslauriers <email address hidden> Fri, 25 Jul 2025 13:26:40 -0400
Source diff to previous version
CVE-2025-40909 Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread crea

Version: 5.38.2-3.2ubuntu0.1 2025-04-14 14:07:24 UTC

  perl (5.38.2-3.2ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: heap overflow when transliterating non-ASCII bytes
    - debian/patches/CVE-2024-56406.patch: properly calculate needed space
      in op.c.
    - CVE-2024-56406

 -- Marc Deslauriers <email address hidden> Tue, 08 Apr 2025 08:47:54 -0400
CVE-2024-56406 A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development version


About   -   Send Feedback to @ubuntu_updates