{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libperl5.34", "perl", "perl-base", "perl-modules-5.34" ] } }, "diff": { "deb": [ { "name": "libperl5.34", "from_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.5", "version": "5.34.0-3ubuntu1.5" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.7", "version": "5.34.0-3ubuntu1.7" }, "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" }, { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: accept quantifier limit error", " on 32-bit architectures where the quantifier limit catches the", " oversized pattern before the overflow guard", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.7", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Mon, 23 Jun 2026 11:11:00 +0300" }, { "cves": [ { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: path traversal in Archive::Tar symlink/hardlink extraction", " - debian/patches/CVE-2026-42496.patch: validate symlink and hardlink", " targets against absolute paths and directory traversal in", " cpan/Archive-Tar/lib/Archive/Tar.pm", " - CVE-2026-42496", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: add test cases for heap buffer", " overflow via quantified fixed-string regex in t/re/pat_psycho.t", " - debian/patches/CVE-2026-8376_2.patch: add overflow check before", " fixed-string buffer allocation in regcomp.c / regcomp_study.c", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.6", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Fri, 12 Jun 2026 16:42:26 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "perl", "from_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.5", "version": "5.34.0-3ubuntu1.5" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.7", "version": "5.34.0-3ubuntu1.7" }, "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" }, { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: accept quantifier limit error", " on 32-bit architectures where the quantifier limit catches the", " oversized pattern before the overflow guard", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.7", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Mon, 23 Jun 2026 11:11:00 +0300" }, { "cves": [ { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: path traversal in Archive::Tar symlink/hardlink extraction", " - debian/patches/CVE-2026-42496.patch: validate symlink and hardlink", " targets against absolute paths and directory traversal in", " cpan/Archive-Tar/lib/Archive/Tar.pm", " - CVE-2026-42496", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: add test cases for heap buffer", " overflow via quantified fixed-string regex in t/re/pat_psycho.t", " - debian/patches/CVE-2026-8376_2.patch: add overflow check before", " fixed-string buffer allocation in regcomp.c / regcomp_study.c", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.6", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Fri, 12 Jun 2026 16:42:26 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "perl-base", "from_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.5", "version": "5.34.0-3ubuntu1.5" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.7", "version": "5.34.0-3ubuntu1.7" }, "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" }, { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: accept quantifier limit error", " on 32-bit architectures where the quantifier limit catches the", " oversized pattern before the overflow guard", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.7", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Mon, 23 Jun 2026 11:11:00 +0300" }, { "cves": [ { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: path traversal in Archive::Tar symlink/hardlink extraction", " - debian/patches/CVE-2026-42496.patch: validate symlink and hardlink", " targets against absolute paths and directory traversal in", " cpan/Archive-Tar/lib/Archive/Tar.pm", " - CVE-2026-42496", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: add test cases for heap buffer", " overflow via quantified fixed-string regex in t/re/pat_psycho.t", " - debian/patches/CVE-2026-8376_2.patch: add overflow check before", " fixed-string buffer allocation in regcomp.c / regcomp_study.c", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.6", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Fri, 12 Jun 2026 16:42:26 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "perl-modules-5.34", "from_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.5", "version": "5.34.0-3ubuntu1.5" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.34.0-3ubuntu1.7", "version": "5.34.0-3ubuntu1.7" }, "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" }, { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: accept quantifier limit error", " on 32-bit architectures where the quantifier limit catches the", " oversized pattern before the overflow guard", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.7", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Mon, 23 Jun 2026 11:11:00 +0300" }, { "cves": [ { "cve": "CVE-2026-42496", "url": "https://ubuntu.com/security/CVE-2026-42496", "cve_description": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.", "cve_priority": "medium", "cve_public_date": "2026-05-26 02:16:00 UTC" }, { "cve": "CVE-2026-8376", "url": "https://ubuntu.com/security/CVE-2026-8376", "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.", "cve_priority": "medium", "cve_public_date": "2026-05-26 00:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: path traversal in Archive::Tar symlink/hardlink extraction", " - debian/patches/CVE-2026-42496.patch: validate symlink and hardlink", " targets against absolute paths and directory traversal in", " cpan/Archive-Tar/lib/Archive/Tar.pm", " - CVE-2026-42496", " * SECURITY UPDATE: integer overflow in regular expression compiler", " - debian/patches/CVE-2026-8376_1.patch: add test cases for heap buffer", " overflow via quantified fixed-string regex in t/re/pat_psycho.t", " - debian/patches/CVE-2026-8376_2.patch: add overflow check before", " fixed-string buffer allocation in regcomp.c / regcomp_study.c", " - CVE-2026-8376", "" ], "package": "perl", "version": "5.34.0-3ubuntu1.6", "urgency": "high", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Chrisa Oikonomou ", "date": "Fri, 12 Jun 2026 16:42:26 +0300" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20260618 to 20260624", "from_series": "jammy", "to_series": "jammy", "from_serial": "20260618", "to_serial": "20260624", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }