Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0406)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0406

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0406)

Resumen: The remote host is missing an update for the 'perl' package(s) announced via the MGASA-2014-0406 advisory.

Descripción: Summary:
The remote host is missing an update for the 'perl' package(s) announced via the MGASA-2014-0406 advisory.

Vulnerability Insight:
Updated perl package fixes security vulnerability:

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and
earlier, allows context-dependent attackers to cause a denial of service
(stack consumption and crash) via an Array-Reference with many nested
Array-References, which triggers a large number of recursive calls to the
DD_dump function (CVE-2014-4330).

Also, the Text::Wrap version provided in perl contains a bug that can lead
to a code path that shouldn't be hit. This can lead to crashes in other
software, such as Bugzilla.

The Text::Wrap module bundled with Perl has been patched and the
Data::Dumper module bundled with Perl has been updated to fix these issues.

Affected Software/OS:
'perl' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-4330
BugTraq ID: 70142
http://www.securityfocus.com/bid/70142
Bugtraq: 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (Google Search)
http://www.securityfocus.com/archive/1/533543/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html
http://seclists.org/fulldisclosure/2014/Sep/84
http://www.mandriva.com/security/advisories?name=MDVSA-2015:136
http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html
http://seclists.org/oss-sec/2014/q3/692
http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html
http://secunia.com/advisories/61441
http://secunia.com/advisories/61961
http://www.ubuntu.com/usn/USN-2916-1
XForce ISS Database: perl-cve20144330-dos(96216)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96216

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0406
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0406)
Resumen:	The remote host is missing an update for the 'perl' package(s) announced via the MGASA-2014-0406 advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl' package(s) announced via the MGASA-2014-0406 advisory. Vulnerability Insight: Updated perl package fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function (CVE-2014-4330). Also, the Text::Wrap version provided in perl contains a bug that can lead to a code path that shouldn't be hit. This can lead to crashes in other software, such as Bugzilla. The Text::Wrap module bundled with Perl has been patched and the Data::Dumper module bundled with Perl has been updated to fix these issues. Affected Software/OS: 'perl' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4330 BugTraq ID: 70142 http://www.securityfocus.com/bid/70142 Bugtraq: 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (Google Search) http://www.securityfocus.com/archive/1/533543/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html http://seclists.org/fulldisclosure/2014/Sep/84 http://www.mandriva.com/security/advisories?name=MDVSA-2015:136 http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html http://seclists.org/oss-sec/2014/q3/692 http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html http://secunia.com/advisories/61441 http://secunia.com/advisories/61961 http://www.ubuntu.com/usn/USN-2916-1 XForce ISS Database: perl-cve20144330-dos(96216) https://exchange.xforce.ibmcloud.com/vulnerabilities/96216
Copyright	Copyright (C) 2022 Greenbone AG