Test ID:	1.3.6.1.4.1.25623.1.0.120565
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2011-19)
Summary:	The remote host is missing an update for the 'perl' package(s) announced via the ALAS-2011-19 advisory.
Description:	Summary: The remote host is missing an update for the 'perl' package(s) announced via the ALAS-2011-19 advisory. Vulnerability Insight: A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939) It was found that the 'new' constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597) Affected Software/OS: 'perl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2939 46172 http://secunia.com/advisories/46172 46989 http://secunia.com/advisories/46989 49858 http://www.securityfocus.com/bid/49858 51457 http://secunia.com/advisories/51457 55314 http://secunia.com/advisories/55314 MDVSA-2012:008 http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 RHSA-2011:1424 http://www.redhat.com/support/errata/RHSA-2011-1424.html USN-1643-1 http://www.ubuntu.com/usn/USN-1643-1 [oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string http://www.openwall.com/lists/oss-security/2011/08/18/8 [oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string http://www.openwall.com/lists/oss-security/2011/08/19/17 http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5 http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29 https://bugzilla.redhat.com/show_bug.cgi?id=731246 Common Vulnerability Exposure (CVE) ID: CVE-2011-3597 46279 http://secunia.com/advisories/46279 49911 http://www.securityfocus.com/bid/49911 MDVSA-2012:009 http://www.mandriva.com/security/advisories?name=MDVSA-2012:009 RHSA-2011:1797 http://www.redhat.com/support/errata/RHSA-2011-1797.html http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 https://bugzilla.redhat.com/show_bug.cgi?id=743010 oval:org.mitre.oval:def:19446 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.