UbuntuUpdates.org

Package "libperl5.40"

Name: libperl5.40

Description: shared Perl library

Latest version: 5.40.1-2ubuntu0.2
Release: plucky (25.04)
Level: security
Repository: main
Head package: perl
Homepage: https://dev.perl.org/perl5/


Other versions of "libperl5.40" in Plucky

Repository Area Version
updates main 5.40.1-2ubuntu0.2

Changelog

Version: 5.40.1-2ubuntu0.2 2025-07-31 03:07:27 UTC

  perl (5.40.1-2ubuntu0.2) plucky-security; urgency=medium

  * SECURITY UPDATE: threads race condition in file operations
    - debian/patches/fixes/CVE-2025-40909-metaconfig.diff: check for
      fdopendir in regen-configure/U/perl/d_fdopendir.U.
    - debian/patches/fixes/CVE-2025-40909-1.diff: clone dirhandles without
      fchdir in Configure, Cross/config.sh-arm-linux,
      Cross/config.sh-arm-linux-n770, Porting/Glossary, Porting/config.sh,
      config_h.SH, configure.com, plan9/config_sh.sample, sv.c,
      t/op/threads-dirh.t, win32/config.gc, win32/config.vc.
    - debian/patches/fixes/CVE-2025-40909-2.diff: minor corrections in
      Cross/config.sh-arm-linux, Cross/config.sh-arm-linux-n770,
      config_h.SH, plan9/config_sh.sample.
    - debian/patches/fixes/CVE-2025-40909-3.diff: use PerlLIO_dup_cloexec
      in Perl_dirp_dup to set O_CLOEXEC in sv.c.
    - debian/patches/fixes/CVE-2025-40909-metaconfig-reorder.diff: slightly
      reorder Configure and config_h.SH to match metaconfig output in
      Configure, config_h.SH.
    - CVE-2025-40909

 -- Marc Deslauriers <email address hidden> Fri, 25 Jul 2025 13:26:40 -0400

CVE-2025-40909 Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread crea

Version: 5.40.1-2ubuntu0.1 2025-04-23 13:07:08 UTC

  perl (5.40.1-2ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: heap overflow when transliterating non-ASCII bytes
    - debian/patches/CVE-2024-56406.patch: properly calculate needed space
      in op.c.
    - CVE-2024-56406

 -- Marc Deslauriers <email address hidden> Mon, 14 Apr 2025 09:45:00 -0400

CVE-2024-56406 A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development version


