Test ID:	1.3.6.1.4.1.25623.1.0.70457
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2011:1424
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2011:1424. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939) It was found that the new constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. (CVE-2011-3597) All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1424.html Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2939 46172 http://secunia.com/advisories/46172 46989 http://secunia.com/advisories/46989 49858 http://www.securityfocus.com/bid/49858 51457 http://secunia.com/advisories/51457 55314 http://secunia.com/advisories/55314 MDVSA-2012:008 http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 RHSA-2011:1424 http://www.redhat.com/support/errata/RHSA-2011-1424.html USN-1643-1 http://www.ubuntu.com/usn/USN-1643-1 [oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string http://www.openwall.com/lists/oss-security/2011/08/18/8 [oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string http://www.openwall.com/lists/oss-security/2011/08/19/17 http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5 http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29 https://bugzilla.redhat.com/show_bug.cgi?id=731246 Common Vulnerability Exposure (CVE) ID: CVE-2011-3597 46279 http://secunia.com/advisories/46279 49911 http://www.securityfocus.com/bid/49911 MDVSA-2012:009 http://www.mandriva.com/security/advisories?name=MDVSA-2012:009 RHSA-2011:1797 http://www.redhat.com/support/errata/RHSA-2011-1797.html http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 https://bugzilla.redhat.com/show_bug.cgi?id=743010 oval:org.mitre.oval:def:19446 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.