Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


  • 1.  PERL 5.28.0 Vulnerabilities

    Posted Tue December 18, 2018 03:39 PM

    Originally posted by: janhar


    Can you please provide status on the next build which will include fixes for the following CVEs:

     

    CVE-2018-12015: Directory traversal in module Archive::Tar. Vulnerability range: 5.8.0 - 5.26
        ** Previous forum update indicates this fix was included in perl-5.28.0-1.aix6.1.ppc.rpm on toolbox
    CVE-2018-18311: Integer overflow leading to buffer overflow. Vulnerability range: 5.8.0 - 5.28 (introduced in e658793210)
    CVE-2018-18312: Heap-buffer-overflow write / reg_node overrun. Vulnerability range: 5.18 - 5.28
    CVE-2018-18313: Heap-buffer-overflow read. Vulnerability range: 5.22 - 5.26 (introduced in b6d67071cc0)
    CVE-2018-18314: Heap-based buffer overflow. Vulnerability range: 5.18 - 5.28

     


    #AIXOpenSource
    #AIX-Open-Source-Software


  • 2.  Re: PERL 5.28.0 Vulnerabilities

    Posted Fri December 21, 2018 02:26 AM

    Originally posted by: AyappanP


    The current version 5.28.0 is affected by two CVEs mentioned here (CVE-2018-18311 and CVE-2018-18312).

    We will be shipping the new stable release 5.28.1 soon in AIX Toolbox.




  • 3.  Re: PERL 5.28.0 Vulnerabilities

    Posted Wed January 16, 2019 11:08 AM

    Originally posted by: Kristin M


    AyappanP,

    Is there an update on when the new stable release 5.28.1 may become available? Thank you.




  • 4.  Re: PERL 5.28.0 Vulnerabilities

    Posted Thu January 17, 2019 01:43 AM

    Originally posted by: AyappanP


    Before end of next week.

    The point to note here is this is for AIX Toolbox and not for the base lpp perl package. 




  • 5.  Re: PERL 5.28.0 Vulnerabilities

    Posted Mon January 28, 2019 09:13 AM

    Originally posted by: AyappanP


    Perl 5.28.1 is available now in AIX Toolbox. 

    ftp://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/perl/

    One can also use yum to install it.

