Details of VAR-201812-0271

ID

VAR-201812-0271

CVE

CVE-2018-18311

TITLE

Perl Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201811-924

DESCRIPTION

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl is prone to the following multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. 1. An integer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. 7) - noarch, x86_64 3. For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5. We recommend that you upgrade your perl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: perl security update Advisory ID: RHSA-2019:0109-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0109 Issue date: 2019-01-21 CVE Names: CVE-2018-18311 ===================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: perl-5.16.3-294.el7_6.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: perl-5.16.3-294.el7_6.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: perl-5.16.3-294.el7_6.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm ppc64: perl-5.16.3-294.el7_6.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64.rpm perl-core-5.16.3-294.el7_6.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm perl-devel-5.16.3-294.el7_6.ppc.rpm perl-devel-5.16.3-294.el7_6.ppc64.rpm perl-libs-5.16.3-294.el7_6.ppc.rpm perl-libs-5.16.3-294.el7_6.ppc64.rpm perl-macros-5.16.3-294.el7_6.ppc64.rpm ppc64le: perl-5.16.3-294.el7_6.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm perl-core-5.16.3-294.el7_6.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-devel-5.16.3-294.el7_6.ppc64le.rpm perl-libs-5.16.3-294.el7_6.ppc64le.rpm perl-macros-5.16.3-294.el7_6.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm perl-core-5.16.3-294.el7_6.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.s390.rpm perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-devel-5.16.3-294.el7_6.s390.rpm perl-devel-5.16.3-294.el7_6.s390x.rpm perl-libs-5.16.3-294.el7_6.s390.rpm perl-libs-5.16.3-294.el7_6.s390x.rpm perl-macros-5.16.3-294.el7_6.s390x.rpm x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: perl-5.16.3-294.el7_6.src.rpm aarch64: perl-5.16.3-294.el7_6.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.aarch64.rpm perl-core-5.16.3-294.el7_6.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm perl-devel-5.16.3-294.el7_6.aarch64.rpm perl-libs-5.16.3-294.el7_6.aarch64.rpm perl-macros-5.16.3-294.el7_6.aarch64.rpm noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm ppc64le: perl-5.16.3-294.el7_6.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm perl-core-5.16.3-294.el7_6.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-devel-5.16.3-294.el7_6.ppc64le.rpm perl-libs-5.16.3-294.el7_6.ppc64le.rpm perl-macros-5.16.3-294.el7_6.ppc64le.rpm s390x: perl-5.16.3-294.el7_6.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm perl-core-5.16.3-294.el7_6.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.s390.rpm perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-devel-5.16.3-294.el7_6.s390.rpm perl-devel-5.16.3-294.el7_6.s390x.rpm perl-libs-5.16.3-294.el7_6.s390.rpm perl-libs-5.16.3-294.el7_6.s390x.rpm perl-macros-5.16.3-294.el7_6.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm perl-tests-5.16.3-294.el7_6.ppc64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-tests-5.16.3-294.el7_6.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-tests-5.16.3-294.el7_6.s390x.rpm x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm perl-tests-5.16.3-294.el7_6.aarch64.rpm ppc64le: perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-tests-5.16.3-294.el7_6.ppc64le.rpm s390x: perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-tests-5.16.3-294.el7_6.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: perl-5.16.3-294.el7_6.src.rpm noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18311 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXEYC0dzjgjWX9erEAQi+cg//SP5ltkBCVsa86sXT7nP94nQepzxwweEj EC1T/sqSYhSYJcftiJdmcxJk9g4wOns39SNJuvsiiajYarJeIFjUq2TpX/lxL3Qe YrrnZ2esaT+kTDPtCpzBoatZ6uSKZmAVBKmu1bQMmquRt6fbk9F3lWWzfUEfspuU RxfJplbKlejPsAAEUA4URdoC8Jey1cbKgrDOxqOGH1ipZyVsW8jvrrCZxCLKkeRR MyfngBxyTGld78ZoDipSMOInjs50Snh3xp+z4ZxPIpltaEiJHK9mbg5Psqvz8hZY S7RMVK4qPPJwFuPLEKBBNtwFneNotq1Hz4Pj1f2YvjsTv56N+IwudLAdHK8bQBA8 mTRgSNbn8T/22U67d6Pa+T1hL/5xstbOM2Jtj5CD++Oqh84mh8ZhWYFafAdCu/RS RRgSZIg3CCjS7C0y+to1BBNARWJm0ymko9NPVGW5anDvqCZfowbUEOe/t1suXbE9 pMJgi+p5JPJwWgA+PkYgeW60edGu1sobtV84QQtgUAjy6wgby2wHYPgJJVNt8TP8 6JkRCmHhbwjsreDy0v65oNWWwTsgUFzjl+KUk5nwh/JST6w+LjY/CCUTgTNyVQR3 ivFL/VNrTip4RQCASlWILYI95U0h+Fb1hL7xbQ5KevVNwS07MZdFhEcZWDTBj3Iw KtRzQvqVeHM= =kPNu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses the following: AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team Bom Available for: macOS Mojave 10.14.3 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2019-6239: Ian Moorhouse and Michael Trimm CFString Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. configd Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36) Contacts Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher CoreCrypto Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher DiskArbitration Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2019-8522: Colin Meginnis (@falc420) FaceTime Available for: macOS Mojave 10.14.3 Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. CVE-2019-8550: Lauren Guzniczak of Keystone Academy Feedback Assistant Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs Feedback Assistant Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs file Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher Graphics Drivers Available for: macOS Mojave 10.14.3 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative iAP Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOGraphics Available for: macOS Mojave 10.14.3 Impact: A Mac may not lock when disconnecting from an external monitor Description: A lock handling issue was addressed with improved lock handling. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT IOHIDFamily Available for: macOS Mojave 10.14.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team IOKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher IOKit SCSI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us) PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de) Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC) Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs Additional recognition Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance. Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance. Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance. Installation note: macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2018-18311 // BID: 106145 // VULHUB: VHN-128858 // VULMON: CVE-2018-18311 // PACKETSTORM: 151001 // PACKETSTORM: 153965 // PACKETSTORM: 150523 // PACKETSTORM: 151248 // PACKETSTORM: 152222

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.5	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	perl	model:	perl	scope:	lt	version:	5.26.3	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.7.2.21	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	8.1.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.11	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.2	Trust: 1.0
vendor:	perl	model:	perl	scope:	gte	version:	5.28.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	perl	model:	perl	scope:	lt	version:	5.28.1	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	snapdriver	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.4	Trust: 1.0
vendor:	perl	model:	perl	scope:	eq	version:	5.16.2	Trust: 0.9
vendor:	perl	model:	perl	scope:	eq	version:	5.16.1	Trust: 0.9
vendor:	perl	model:	perl	scope:	eq	version:	5.14.3	Trust: 0.9
vendor:	perl	model:	perl	scope:	eq	version:	5.14.2	Trust: 0.9
vendor:	perl	model:	perl	scope:	eq	version:	5.14.1	Trust: 0.9
vendor:	perl	model:	perl	scope:	eq	version:	5.16.0	Trust: 0.6
vendor:	perl	model:	perl	scope:	eq	version:	5.14.0	Trust: 0.6
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	0	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.28	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.26.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.26	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.24.3	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.22.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.20.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.20.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.18.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.16	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.14	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.12.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.12	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.11	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.10	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.9.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.10	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.9	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.8	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.7	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.6	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.5	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.4	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.3	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.8.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.24	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.22	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.20	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.18	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.17.7	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.9	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.8	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.7	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.6	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.5	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.4	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.3	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.11	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.10	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.13.0	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.12.3	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.12.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.11.5	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.11.4	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.11.3	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.11.2	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.11.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	eq	version:	5.10.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	ne	version:	5.28.1	Trust: 0.3
vendor:	perl	model:	perl	scope:	ne	version:	5.26.3	Trust: 0.3

sources: BID: 106145 // CNNVD: CNNVD-201811-924 // NVD: CVE-2018-18311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18311
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-201811-924
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-128858
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-18311
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-18311
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-128858
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-18311
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-128858 // VULMON: CVE-2018-18311 // CNNVD: CNNVD-201811-924 // NVD: CVE-2018-18311

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-128858 // NVD: CVE-2018-18311

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-924

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201811-924

PATCH

title:	Perl Fixes for digital error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87329	Trust: 0.6
title:	Red Hat: Important: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192400 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190109 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191942 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191790 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-perl524-perl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190010 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-perl526-perl security and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190001 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: perl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3834-2	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2019-1180	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1180	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1166	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1166	Trust: 0.1
title:	Red Hat: CVE-2018-18311	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-18311	Trust: 0.1
title:	Ubuntu Security Notice: perl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3834-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4347-1 perl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=9d703224274c60e23b97462e56895757	Trust: 0.1
title:	IBM: IBM Security Bulletin: A vulnerability in Perl affects PowerKVM	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3138e313caf45ee4ff0ccc294e40bbe3	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=48c2d25ee84d3c5c67f054df5e25d685	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin -	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=03eedb4fe879a888adeecb9d62c3c412	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1519a5f830589c3bab8a20f4163374ae	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=aea3fcafd82c179d3a5dfa015e920864	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8580d3cd770371e2ef0f68ca624b80b0	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61	Trust: 0.1
title:	-	url:	https://github.com/D5n9sMatrix/perltoc	Trust: 0.1
title:	-	url:	https://github.com/aravindb26/new.txt	Trust: 0.1

sources: VULMON: CVE-2018-18311 // CNNVD: CNNVD-201811-924

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18311	Trust: 2.6
db:	BID	id:	106145	Trust: 2.1
db:	SECTRACK	id:	1042181	Trust: 1.8
db:	MCAFEE	id:	SB10278	Trust: 1.8
db:	PACKETSTORM	id:	153652	Trust: 0.7
db:	PACKETSTORM	id:	152222	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0670	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1967	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0990	Trust: 0.6
db:	CNNVD	id:	CNNVD-201811-924	Trust: 0.6
db:	PACKETSTORM	id:	151001	Trust: 0.2
db:	PACKETSTORM	id:	153965	Trust: 0.2
db:	PACKETSTORM	id:	151248	Trust: 0.2
db:	PACKETSTORM	id:	150523	Trust: 0.2
db:	PACKETSTORM	id:	150564	Trust: 0.1
db:	PACKETSTORM	id:	150565	Trust: 0.1
db:	PACKETSTORM	id:	151000	Trust: 0.1
db:	PACKETSTORM	id:	153814	Trust: 0.1
db:	PACKETSTORM	id:	154385	Trust: 0.1
db:	VULHUB	id:	VHN-128858	Trust: 0.1
db:	VULMON	id:	CVE-2018-18311	Trust: 0.1

sources: VULHUB: VHN-128858 // VULMON: CVE-2018-18311 // BID: 106145 // PACKETSTORM: 151001 // PACKETSTORM: 153965 // PACKETSTORM: 150523 // PACKETSTORM: 151248 // PACKETSTORM: 152222 // CNNVD: CNNVD-201811-924 // NVD: CVE-2018-18311

REFERENCES

url:	http://www.securityfocus.com/bid/106145	Trust: 3.0
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1646730	Trust: 2.1
url:	https://github.com/perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be	Trust: 2.1
url:	https://access.redhat.com/errata/rhsa-2019:2400	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2019:0010	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:0109	Trust: 1.9
url:	https://usn.ubuntu.com/3834-2/	Trust: 1.9
url:	https://seclists.org/bugtraq/2019/mar/42	Trust: 1.8
url:	https://metacpan.org/changes/release/shay/perl-5.26.3	Trust: 1.8
url:	https://metacpan.org/changes/release/shay/perl-5.28.1	Trust: 1.8
url:	https://rt.perl.org/ticket/display.html?id=133204	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190221-0003/	Trust: 1.8
url:	https://support.apple.com/kb/ht209600	Trust: 1.8
url:	https://www.debian.org/security/2018/dsa-4347	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/mar/49	Trust: 1.8
url:	https://security.gentoo.org/glsa/201909-01	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhba-2019:0327	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:0001	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1790	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1942	Trust: 1.8
url:	http://www.securitytracker.com/id/1042181	Trust: 1.8
url:	https://usn.ubuntu.com/3834-1/	Trust: 1.8
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10278	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2018-18311	Trust: 1.2
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2018-18314	Trust: 1.0
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1646751	Trust: 0.9
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/	Trust: 0.7
url:	https://github.com/perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4fwww.perl.org	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10794373	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10791549	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10869078	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10792175	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10870872	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10794743	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10871830	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10791547	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10871626	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10794307	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10870068	Trust: 0.6
url:	https://support.apple.com/en-au/ht209600	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10886247	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77806	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10871786	Trust: 0.6
url:	https://support.apple.com/en-us/ht209600	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76454	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10886247	Trust: 0.6
url:	https://packetstormsecurity.com/files/152222/apple-security-advisory-2019-3-25-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1967/	Trust: 0.6
url:	https://packetstormsecurity.com/files/153652/red-hat-security-advisory-2019-1790-01.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18311	Trust: 0.5
url:	https://github.com/perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f	Trust: 0.3
url:	www.perl.org	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18313	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18312	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18314	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10278	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=59232	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-18313	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-18312	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/perl	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8514	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8511	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8519	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8502	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8516	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6239	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6237	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8527	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12015	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8533	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8517	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8521	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6207	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8504	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7293	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8510	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8530	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8529	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8507	Trust: 0.1

CREDITS

Apple,Red Hat,The vendor reported these issues.

Trust: 0.6

sources: CNNVD: CNNVD-201811-924

SOURCES

db:	VULHUB	id:	VHN-128858
db:	VULMON	id:	CVE-2018-18311
db:	BID	id:	106145
db:	PACKETSTORM	id:	151001
db:	PACKETSTORM	id:	153965
db:	PACKETSTORM	id:	150523
db:	PACKETSTORM	id:	151248
db:	PACKETSTORM	id:	152222
db:	CNNVD	id:	CNNVD-201811-924
db:	NVD	id:	CVE-2018-18311

LAST UPDATE DATE

2024-11-21T21:13:51.898000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-128858	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2018-18311	date:	2023-11-07T00:00:00
db:	BID	id:	106145	date:	2018-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201811-924	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2018-18311	date:	2023-11-07T02:55:02.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-128858	date:	2018-12-07T00:00:00
db:	VULMON	id:	CVE-2018-18311	date:	2018-12-07T00:00:00
db:	BID	id:	106145	date:	2018-11-29T00:00:00
db:	PACKETSTORM	id:	151001	date:	2019-01-03T02:57:52
db:	PACKETSTORM	id:	153965	date:	2019-08-07T20:08:30
db:	PACKETSTORM	id:	150523	date:	2018-11-30T15:01:16
db:	PACKETSTORM	id:	151248	date:	2019-01-22T16:02:14
db:	PACKETSTORM	id:	152222	date:	2019-03-26T14:40:53
db:	CNNVD	id:	CNNVD-201811-924	date:	2018-11-30T00:00:00
db:	NVD	id:	CVE-2018-18311	date:	2018-12-07T21:29:00.407