Test ID:	1.3.6.1.4.1.25623.1.0.842672
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2916-1)
Summary:	The remote host is missing an update for the 'perl' package(s) announced via the USN-2916-1 advisory.
Description:	Summary: The remote host is missing an update for the 'perl' package(s) announced via the USN-2916-1 advisory. Vulnerability Insight: It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422) Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. (CVE-2014-4330) Stephane Chazelas discovered that Perl incorrectly handled duplicate environment variables. An attacker could possibly use this issue to bypass the taint protection mechanism. (CVE-2016-2381) Affected Software/OS: 'perl' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7422 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 75704 http://www.securityfocus.com/bid/75704 https://security.gentoo.org/glsa/201507-11 http://www.ubuntu.com/usn/USN-2916-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-4330 BugTraq ID: 70142 http://www.securityfocus.com/bid/70142 Bugtraq: 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (Google Search) http://www.securityfocus.com/archive/1/533543/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html http://seclists.org/fulldisclosure/2014/Sep/84 http://www.mandriva.com/security/advisories?name=MDVSA-2015:136 http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html http://seclists.org/oss-sec/2014/q3/692 http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html http://secunia.com/advisories/61441 http://secunia.com/advisories/61961 XForce ISS Database: perl-cve20144330-dos(96216) https://exchange.xforce.ibmcloud.com/vulnerabilities/96216 Common Vulnerability Exposure (CVE) ID: CVE-2016-2381 BugTraq ID: 83802 http://www.securityfocus.com/bid/83802 http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 Debian Security Information: DSA-3501 (Google Search) http://www.debian.org/security/2016/dsa-3501 https://security.gentoo.org/glsa/201701-75 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujul2020.html http://www.gossamer-threads.com/lists/perl/porters/326387 SuSE Security Announcement: openSUSE-SU-2016:0881 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.