UbuntuUpdates.org

Package "perl-base"

Name: perl-base

Description:

minimal Perl system

Latest version: 5.40.1-7ubuntu0.1
Release: resolute (26.04)
Level: updates
Repository: main
Head package: perl
Homepage: https://dev.perl.org/perl5/

Other versions of "perl-base" in Resolute

Repository  Area  Version
base        main  5.40.1-7build1
security    main  5.40.1-7ubuntu0.1

Changelog

Version: 5.40.1-7ubuntu0.1 2026-06-24 14:07:36 UTC

  perl (5.40.1-7ubuntu0.1) resolute-security; urgency=high

  * SECURITY UPDATE: path traversal in Archive::Tar symlink/hardlink extraction
    - debian/patches/CVE-2026-42496.patch: validate symlink and hardlink
      targets against absolute paths and directory traversal in
      cpan/Archive-Tar/lib/Archive/Tar.pm
    - CVE-2026-42496
  * SECURITY UPDATE: integer overflow in regular expression compiler
    - debian/patches/CVE-2026-8376_1.patch: add test cases for heap buffer
      overflow via quantified fixed-string regex in t/re/pat_psycho.t
    - debian/patches/CVE-2026-8376_2.patch: add overflow check before
      fixed-string buffer allocation in regcomp.c / regcomp_study.c
    - CVE-2026-8376

 -- Chrisa Oikonomou <email address hidden> Fri, 12 Jun 2026 16:42:16 +0300

CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file()
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_stu
