Red Hat Security Advisory 2024-10219-03 - An update for the perl-App-cpanminus:1.7044 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-10218-03 - An update for perl-App-cpanminus is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Debian Linux Security Advisory 5816-1 - The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.
Debian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally, a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).
Ubuntu Security Notice 7117-1 - Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed Perl code. This could allow a local attacker to execute arbitrary shell commands.
Gentoo Linux Security Advisory 202411-9 - Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected.
Red Hat Security Advisory 2024-4430-03 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-3128-03 - An update for the perl:5.32 module is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-3094-03 - An update for perl-CPAN is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-3049-03 - An update for perl-Convert-ASN1 is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-2228-03 - An update for perl is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-0579-03 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-0422-03 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Debian Linux Security Advisory 5592-1 - It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed.
Ubuntu Security Notice 6517-1 - It was discovered that Perl incorrectly handled printing certain warning messages. An attacker could possibly use this issue to cause Perl to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. Nathan Mills discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-7174-01 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2023-6542-01 - An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2023-6539-01 - An update for perl-CPAN is now available for Red Hat Enterprise Linux 9.
Ubuntu Security Notice 6112-2 - USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules.
Ubuntu Security Notice 6112-1 - It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules.
Red Hat Security Advisory 2023-2969-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. Issues addressed include memory leak and null pointer vulnerabilities.
Red Hat Security Advisory 2023-2444-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. Issues addressed include memory leak and null pointer vulnerabilities.
Debian Linux Security Advisory 5339-1 - Ikeda Soji reported that libhtml-stripscripts-perl, a Perl module for removing scripts from HTML, is prone to a regular expression denial of service, due to catastrophic backtracking for HTML content with specially crafted style attributes.
Ubuntu Security Notice 5689-2 - USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. It was discovered that Perl incorrectly handled certain signature verification. A remote attacker could possibly use this issue to bypass signature verification.
Ubuntu Security Notice 5689-1 - It was discovered that Perl incorrectly handled certain signature verification. A remote attacker could possibly use this issue to bypass signature verification.