ActiveState’s commercially supported Perl distribution is used by millions of developers worldwide, and is 100% compatible with open source Perl. ActiveState continues to provide security updates for many versions of the core language beyond the community EOL date.
Why is this important? Because the Perl Steering Committee has recently identified and patched two new major vulnerabilities:
- CVE-2023-47038 – Write past buffer end via illegal user-defined Unicode property
- CVE-2023-47039 – Perl for Windows binary hijacking vulnerability
The good news is we’ve already backported the newly released patches to Perl 5.22 and beyond! Here’s what to do next. If you are:
- On the ActiveState Platform Free Tier or using a Community Edition Perl installer and are concerned about these CVEs, contact us.
- On the ActiveState Platform Team or Enterprise Tier, login to the Platform and download the patched versions for 5.32-5.38 for all supported OS (Windows, Mac, Linux)
- On the ActiveState Platform Team or Enterprise Tier but do not have access to end-of-life version support for Perl, contact us.
Protect your Perl. The Perl language developers uncovered crucial information regarding two vulnerabilities in recent language releases. Learn more about safeguarding your Perl environment.
