Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0527)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0527

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0527)

Resumen: The remote host is missing an update for the 'perl, perl-Encode' package(s) announced via the MGASA-2021-0527 advisory.

Descripción: Summary:
The remote host is missing an update for the 'perl, perl-Encode' package(s) announced via the MGASA-2021-0527 advisory.

Vulnerability Insight:
Encode.pm, as distributed in Perl through 5.34.0, allows local users to
gain privileges via a Trojan horse Encode::ConfigLocal library (in the
current working directory) that preempts dynamic module loading.
Exploitation requires an unusual configuration, and certain 2021 versions
of Encode.pm (3.05 through 3.11). This issue occurs because the operator
evaluates @INC in a scalar context, and thus @INC has only an integer value.

Affected Software/OS:
'perl, perl-Encode' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-36770
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/
https://security-tracker.debian.org/tracker/CVE-2021-36770

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0527
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0527)
Resumen:	The remote host is missing an update for the 'perl, perl-Encode' package(s) announced via the MGASA-2021-0527 advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl, perl-Encode' package(s) announced via the MGASA-2021-0527 advisory. Vulnerability Insight: Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the operator evaluates @INC in a scalar context, and thus @INC has only an integer value. Affected Software/OS: 'perl, perl-Encode' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-36770 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/ https://security-tracker.debian.org/tracker/CVE-2021-36770
Copyright	Copyright (C) 2022 Greenbone AG