Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0047
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0047)
Zusammenfassung:	The remote host is missing an update for the 'perl, perl-File-Path, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Module-Load-Conditional, perl-Net-DNS, perl-Sys-Syslog, perl-Unicode-LineBreak, perl-libintl-perl' package(s) announced via the MGASA-2018-0047 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'perl, perl-File-Path, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Module-Load-Conditional, perl-Net-DNS, perl-Sys-Syslog, perl-Unicode-LineBreak, perl-libintl-perl' package(s) announced via the MGASA-2018-0047 advisory. Vulnerability Insight: John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising) and potentially leading to privilege escalation (CVE-2016-1238). The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value (CVE-2017-6512). Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier (CVE-2017-12837). Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak (CVE-2017-12883). The perl-libintl-perl, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Sys-Syslog, and perl-Unicode-LineBreak packages have been patched and the perl-Module-Load-Conditional and perl-Net-DNS packages have been updated to fix CVE-2016-1238 as well. The perl-File-Path package has also been patched to fix CVE-2017-6512. Affected Software/OS: 'perl, perl-File-Path, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Module-Load-Conditional, perl-Net-DNS, perl-Sys-Syslog, perl-Unicode-LineBreak, perl-libintl-perl' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1238 BugTraq ID: 92136 http://www.securityfocus.com/bid/92136 Debian Security Information: DSA-3628 (Google Search) http://www.debian.org/security/2016/dsa-3628 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/ https://security.gentoo.org/glsa/201701-75 https://security.gentoo.org/glsa/201812-07 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html http://www.securitytracker.com/id/1036440 SuSE Security Announcement: openSUSE-SU-2019:1831 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2017-12837 BugTraq ID: 100860 http://www.securityfocus.com/bid/100860 https://bugzilla.redhat.com/show_bug.cgi?id=1492091 https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 https://rt.perl.org/Public/Bug/Display.html?id=131582 https://security.netapp.com/advisory/ntap-20180426-0001/ Debian Security Information: DSA-3982 (Google Search) http://www.debian.org/security/2017/dsa-3982 https://www.oracle.com/security-alerts/cpujul2020.html Common Vulnerability Exposure (CVE) ID: CVE-2017-12883 BugTraq ID: 100852 http://www.securityfocus.com/bid/100852 http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch https://bugzilla.redhat.com/show_bug.cgi?id=1492093 https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1 https://rt.perl.org/Public/Bug/Display.html?id=131598 Common Vulnerability Exposure (CVE) ID: CVE-2017-6512 BugTraq ID: 99180 http://www.securityfocus.com/bid/99180 Debian Security Information: DSA-3873 (Google Search) http://www.debian.org/security/2017/dsa-3873 https://security.gentoo.org/glsa/201709-12 http://www.securitytracker.com/id/1038610 https://usn.ubuntu.com/3625-1/ https://usn.ubuntu.com/3625-2/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.