HCE2-SA-2024-0021 Important HCE 2.0 Security Fix(es): Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed. (CVE-2023-47039) A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. (CVE-2023-47038) HCE 2.0 perl-5.34.0-3.r12.hce2.aarch64.rpm perl-devel-5.34.0-3.r12.hce2.aarch64.rpm perl-help-5.34.0-3.r12.hce2.noarch.rpm perl-libs-5.34.0-3.r12.hce2.aarch64.rpm perl-5.34.0-3.r12.hce2.x86_64.rpm perl-devel-5.34.0-3.r12.hce2.x86_64.rpm perl-libs-5.34.0-3.r12.hce2.x86_64.rpm