 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2018.0047 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2018-0047) |
| Resumen: | The remote host is missing an update for the 'perl, perl-File-Path, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Module-Load-Conditional, perl-Net-DNS, perl-Sys-Syslog, perl-Unicode-LineBreak, perl-libintl-perl' package(s) announced via the MGASA-2018-0047 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'perl, perl-File-Path, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Module-Load-Conditional, perl-Net-DNS, perl-Sys-Syslog, perl-Unicode-LineBreak, perl-libintl-perl' package(s) announced via the MGASA-2018-0047 advisory. Vulnerability Insight: John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising) and potentially leading to privilege escalation (CVE-2016-1238). The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value (CVE-2017-6512). Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier (CVE-2017-12837). Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak (CVE-2017-12883). The perl-libintl-perl, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Sys-Syslog, and perl-Unicode-LineBreak packages have been patched and the perl-Module-Load-Conditional and perl-Net-DNS packages have been updated to fix CVE-2016-1238 as well. The perl-File-Path package has also been patched to fix CVE-2017-6512. Affected Software/OS: 'perl, perl-File-Path, perl-MIME-Charset, perl-MIME-EncWords, perl-Module-Build, perl-Module-Load-Conditional, perl-Net-DNS, perl-Sys-Syslog, perl-Unicode-LineBreak, perl-libintl-perl' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-1238 BugTraq ID: 92136 http://www.securityfocus.com/bid/92136 Debian Security Information: DSA-3628 (Google Search) http://www.debian.org/security/2016/dsa-3628 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/ https://security.gentoo.org/glsa/201701-75 https://security.gentoo.org/glsa/201812-07 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html http://www.securitytracker.com/id/1036440 SuSE Security Announcement: openSUSE-SU-2019:1831 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2017-12837 BugTraq ID: 100860 http://www.securityfocus.com/bid/100860 https://bugzilla.redhat.com/show_bug.cgi?id=1492091 https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 https://rt.perl.org/Public/Bug/Display.html?id=131582 https://security.netapp.com/advisory/ntap-20180426-0001/ Debian Security Information: DSA-3982 (Google Search) http://www.debian.org/security/2017/dsa-3982 https://www.oracle.com/security-alerts/cpujul2020.html Common Vulnerability Exposure (CVE) ID: CVE-2017-12883 BugTraq ID: 100852 http://www.securityfocus.com/bid/100852 http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch https://bugzilla.redhat.com/show_bug.cgi?id=1492093 https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1 https://rt.perl.org/Public/Bug/Display.html?id=131598 Common Vulnerability Exposure (CVE) ID: CVE-2017-6512 BugTraq ID: 99180 http://www.securityfocus.com/bid/99180 Debian Security Information: DSA-3873 (Google Search) http://www.debian.org/security/2017/dsa-3873 https://security.gentoo.org/glsa/201709-12 http://www.securitytracker.com/id/1038610 https://usn.ubuntu.com/3625-1/ https://usn.ubuntu.com/3625-2/ |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |