Test ID:	1.3.6.1.4.1.25623.1.0.60861
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 1556-1 (perl)
Summary:	The remote host is missing an update to perl announced via advisory DSA 1556-1.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1556)' (OID: 1.3.6.1.4.1.25623.1.0.60864).
Description:	Summary: The remote host is missing an update to perl announced via advisory DSA 1556-1. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1556)' (OID: 1.3.6.1.4.1.25623.1.0.60864). Vulnerability Insight: It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out. For the stable distribution (etch), this problem has been fixed in version 5.8.8-7etch2. The unstable distribution (sid) will be fixed soon. Solution: We recommend that you upgrade your perl packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1927 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 28928 http://www.securityfocus.com/bid/28928 Bugtraq: 20090120 rPSA-2009-0011-1 perl (Google Search) http://www.securityfocus.com/archive/1/500210/100/0/threaded Debian Security Information: DSA-1556 (Google Search) http://www.debian.org/security/2008/dsa-1556 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:100 http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156 http://osvdb.org/44588 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579 http://www.redhat.com/support/errata/RHSA-2008-0522.html http://www.redhat.com/support/errata/RHSA-2008-0532.html http://www.securitytracker.com/id?1020253 http://secunia.com/advisories/29948 http://secunia.com/advisories/30025 http://secunia.com/advisories/30326 http://secunia.com/advisories/30624 http://secunia.com/advisories/31208 http://secunia.com/advisories/31328 http://secunia.com/advisories/31467 http://secunia.com/advisories/31604 http://secunia.com/advisories/31687 http://secunia.com/advisories/33314 http://secunia.com/advisories/33937 SuSE Security Announcement: SUSE-SR:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.ubuntu.com/usn/usn-700-1 http://www.ubuntu.com/usn/usn-700-2 http://www.vupen.com/english/advisories/2008/2265/references http://www.vupen.com/english/advisories/2008/2361 http://www.vupen.com/english/advisories/2008/2424 http://www.vupen.com/english/advisories/2009/0422 XForce ISS Database: perl-utf8-dos(41996) https://exchange.xforce.ibmcloud.com/vulnerabilities/41996
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.