Vulnerabilities > CVE-2018-18313 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
perl
canonical
debian
redhat
netapp
apple
CWE-125
critical
nessus

Summary

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

Vulnerable Configurations

Part Description Count
Application
Perl
421
Application
Netapp
10
OS
Canonical
5
OS
Debian
1
OS
Redhat
5
OS
Apple
158

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-CA03363D57.NASL
    descriptionSecurity fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120786
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120786
    titleFedora 28 : 4:perl (2018-ca03363d57)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-ca03363d57.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120786);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
      script_xref(name:"FEDORA", value:"2018-ca03363d57");
    
      script_name(english:"Fedora 28 : 4:perl (2018-ca03363d57)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and
    CVE-2018-18314
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca03363d57"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 4:perl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:4:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"perl-5.26.3-415.fc28", epoch:"4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "4:perl");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3834-1.NASL
    descriptionJayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313) Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-13
    modified2018-12-04
    plugin id119337
    published2018-12-04
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119337
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : perl vulnerabilities (USN-3834-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3834-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119337);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/19");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
      script_xref(name:"USN", value:"3834-1");
      script_xref(name:"IAVA", value:"2018-A-0407-S");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : perl vulnerabilities (USN-3834-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Jayakrishna Menon discovered that Perl incorrectly handled
    Perl_my_setenv. An attacker could use this issue to cause Perl to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code. (CVE-2018-18311)
    
    Eiichi Tsukata discovered that Perl incorrectly handled certain
    regular expressions. An attacker could use this issue to cause Perl to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and
    Ubuntu 18.10. (CVE-2018-18312)
    
    Eiichi Tsukata discovered that Perl incorrectly handled certain
    regular expressions. An attacker could use this issue to cause Perl to
    crash, resulting in a denial of service. (CVE-2018-18313)
    
    Jakub Wilk discovered that Perl incorrectly handled certain regular
    expressions. An attacker could use this issue to cause Perl to crash,
    resulting in a denial of service. This issue only affected Ubuntu
    16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3834-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|18\.04|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04 / 18.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"perl", pkgver:"5.18.2-2ubuntu1.7")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"perl", pkgver:"5.22.1-9ubuntu0.6")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"perl", pkgver:"5.26.1-6ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"perl", pkgver:"5.26.2-7ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201909-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201909-01 (Perl: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id128590
    published2019-09-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128590
    titleGLSA-201909-01 : Perl: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201909-01.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128590);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913");
      script_xref(name:"GLSA", value:"201909-01");
    
      script_name(english:"GLSA-201909-01 : Perl: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201909-01
    (Perl: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Perl. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        Please review the referenced CVE identifiers for details.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201909-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Perl users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/perl-5.28.2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("ge 5.28.2"), vulnerable:make_list("lt 5.28.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1029.NASL
    descriptionThis update for perl fixes the following issues : Secuirty issues fixed : - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123159
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123159
    titleopenSUSE Security Update : perl (openSUSE-2019-1029)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1029.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123159);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/31");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
    
      script_name(english:"openSUSE Security Update : perl (openSUSE-2019-1029)");
      script_summary(english:"Check for the openSUSE-2019-1029 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for perl fixes the following issues :
    
    Secuirty issues fixed :
    
      - CVE-2018-18311: Fixed integer overflow with oversize
        environment (bsc#1114674).
    
      - CVE-2018-18312: Fixed heap-buffer-overflow write /
        reg_node overrun (bsc#1114675).
    
      - CVE-2018-18313: Fixed heap-buffer-overflow read if regex
        contains \0 chars (bsc#1114681).
    
      - CVE-2018-18314: Fixed heap-buffer-overflow in regex
        (bsc#1114686).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114686"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"perl-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-base-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-base-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-debugsource-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-32bit-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-32bit / perl-32bit-debuginfo / perl / perl-base-32bit / etc");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_14_4.NASL
    descriptionThe remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.4. It is, therefore, affected by multiple vulnerabilities, including: - Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges. (CVE-2019-8508) - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8549)
    last seen2020-06-01
    modified2020-06-02
    plugin id123128
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123128
    titlemacOS 10.14.x < 10.14.4 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123128);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/31");
    
      script_cve_id(
        "CVE-2018-12015",
        "CVE-2018-18311",
        "CVE-2018-18313",
        "CVE-2019-6207",
        "CVE-2019-6237",
        "CVE-2019-6239",
        "CVE-2019-7293",
        "CVE-2019-8502",
        "CVE-2019-8504",
        "CVE-2019-8507",
        "CVE-2019-8508",
        "CVE-2019-8510",
        "CVE-2019-8511",
        "CVE-2019-8513",
        "CVE-2019-8514",
        "CVE-2019-8516",
        "CVE-2019-8517",
        "CVE-2019-8519",
        "CVE-2019-8520",
        "CVE-2019-8521",
        "CVE-2019-8522",
        "CVE-2019-8526",
        "CVE-2019-8527",
        "CVE-2019-8529",
        "CVE-2019-8530",
        "CVE-2019-8533",
        "CVE-2019-8537",
        "CVE-2019-8540",
        "CVE-2019-8542",
        "CVE-2019-8545",
        "CVE-2019-8546",
        "CVE-2019-8549",
        "CVE-2019-8550",
        "CVE-2019-8552",
        "CVE-2019-8555",
        "CVE-2019-8561",
        "CVE-2019-8565"
      );
      script_bugtraq_id(104423, 106072, 106145);
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-3-25-2");
    
      script_name(english:"macOS 10.14.x < 10.14.4 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Mac OS X / macOS.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS update that fixes multiple security
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of macOS / Mac OS X that is
    10.14.x prior to 10.14.4. It is, therefore, affected by multiple
    vulnerabilities, including:
    
      - Mounting a maliciously crafted NFS network share may lead to
        arbitrary code execution with system privileges. (CVE-2019-8508)
    
      - An application may be able to execute arbitrary code with kernel
        privileges. (CVE-2019-8529)
    
      - A malicious application may be able to execute arbitrary code
        with system privileges (CVE-2019-8549)");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209600");
      # https://lists.apple.com/archives/security-announce/2019/Mar/msg00001.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71533e9d");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to macOS version 10.14.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8527");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Feedback Assistant Race Condition');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
      script_require_ports("Host/MacOSX/Version", "Host/OS");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    fix = "10.14.4";
    minver = "10.14";
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
    matches = pregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
    if (empty_or_null(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");
    
    version = matches[1];
    
    if (ver_compare(ver:version, minver:minver, fix:fix, strict:FALSE) == -1)
    {
      security_report_v4(
        port:0,
        severity:SECURITY_HOLE,
        extra:
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fix +
          '\n'
      );
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_SECUPD_10_13_6_2019-002.NASL
    descriptionThe remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A local user may be able to read kernel memory. (CVE-2019-8504) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi
    last seen2020-03-18
    modified2019-03-27
    plugin id123130
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123130
    titlemacOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123130);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id(
        "CVE-2018-12015",
        "CVE-2018-18311",
        "CVE-2018-18313",
        "CVE-2019-6207",
        "CVE-2019-8504",
        "CVE-2019-8510",
        "CVE-2019-8513",
        "CVE-2019-8520",
        "CVE-2019-8521",
        "CVE-2019-8522",
        "CVE-2019-8526",
        "CVE-2019-8527",
        "CVE-2019-8529",
        "CVE-2019-8555",
        "CVE-2019-8561",
        "CVE-2019-8564"
      );
      script_bugtraq_id(104423, 106072, 106145);
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-3-25-2");
    
      script_name(english:"macOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002)");
      script_summary(english:"Checks for the presence of Security Update 2019-002 (APPLE-SA-2019-3-25-2)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS security update that fixes
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running macOS 10.13.6 and is missing a security
    update. It is therefore, affected by multiple vulnerabilities
    including:
    
      - An application may be able to execute arbitrary code with kernel
        privileges. (CVE-2019-8529)
    
      - A local user may be able to read kernel memory. (CVE-2019-8504)
    
      - A malicious application may be able to determine kernel memory
        layout. (CVE-2019-6207, CVE-2019-8510)
    
      - 802.1X
      - DiskArbitration
      - Feedback Assistant
      - IOKit
      - IOKit SCSI
      - Kernel
      - PackageKit
      - Perl
      - Security
      - Time Machine
      - Wi-Fi");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209600");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209635");
      # https://lists.apple.com/archives/security-announce/2019/Mar/msg00001.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71533e9d");
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2019-002 or later for 10.13.6.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8527");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    
    include('lists.inc');
    include('vcf.inc');
    include('vcf_extras_apple.inc');
    
    app_info = vcf::apple::macos::get_app_info();
    
    constraints = [
      { 'min_version' : '10.13', 'max_version' : '10.13.6', 'fixed_build': '17G6029', 'fixed_display' : '10.13.6 Security Update 2019-002' }
    ];
    vcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_SECUPD_10_12_6_2019-002.NASL
    descriptionThe remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8555) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - A malicious application may be able to read restricted memory. (CVE-2019-8520) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi
    last seen2020-06-01
    modified2020-06-02
    plugin id123129
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123129
    titlemacOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-002)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123129);
      script_version("1.8");
      script_cvs_date("Date: 2020/01/31");
    
      script_cve_id(
        "CVE-2018-12015",
        "CVE-2018-18311",
        "CVE-2018-18313",
        "CVE-2019-6207",
        "CVE-2019-8508",
        "CVE-2019-8510",
        "CVE-2019-8513",
        "CVE-2019-8520",
        "CVE-2019-8521",
        "CVE-2019-8522",
        "CVE-2019-8526",
        "CVE-2019-8527",
        "CVE-2019-8530",
        "CVE-2019-8540",
        "CVE-2019-8555",
        "CVE-2019-8561",
        "CVE-2019-8564"
      );
      script_bugtraq_id(104423, 106072, 106145);
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-3-25-2");
    
      script_name(english:"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-002)");
      script_summary(english:"Checks for the presence of Security Update 2019-002.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS or Mac OS X security update that
    fixes multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running Mac OS X 10.12.6 and is missing a security
    update. It is therefore, affected by multiple vulnerabilities
    including:
    
      - A malicious application may be able to execute arbitrary code
        with kernel privileges. (CVE-2019-8555)
    
      - A malicious application may be able to determine kernel memory
        layout. (CVE-2019-6207, CVE-2019-8510)
    
      - A malicious application may be able to read restricted memory.
        (CVE-2019-8520)
    
      - 802.1X
      - DiskArbitration
      - Feedback Assistant
      - IOKit
      - IOKit SCSI
      - Kernel
      - PackageKit
      - Perl
      - Security
      - Time Machine
      - Wi-Fi");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209600");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209635");
      # https://lists.apple.com/archives/security-announce/2019/Mar/msg00001.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71533e9d");
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2019-002 or later for 10.12.x.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8527");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Compare 2 patch numbers to determine if patch requirements are satisfied.
    # Return true if this patch or a later patch is applied
    # Return false otherwise
    function check_patch(year, number)
    {
      local_var p_split = split(patch, sep:"-");
      local_var p_year  = int( p_split[0]);
      local_var p_num   = int( p_split[1]);
    
      if (year >  p_year) return TRUE;
      else if (year <  p_year) return FALSE;
      else if (number >=  p_num) return TRUE;
      else return FALSE;
    }
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    os = get_kb_item_or_exit("Host/MacOSX/Version");
    
    if (!preg(pattern:"Mac OS X 10\.12\.6([^0-9]|$)", string:os))
      audit(AUDIT_OS_NOT, "Mac OS X 10.12.6");
    
    patch = "2019-002";
    
    packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1);
    sec_boms_report = pgrep(
      pattern:"^com\.apple\.pkg\.update\.(security\.|os\.SecUpd).*bom$",
      string:packages
    );
    sec_boms = split(sec_boms_report, sep:'\n');
    
    foreach package (sec_boms)
    {
      # Grab patch year and number
      matches = pregmatch(pattern:"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]", string:package);
      if (empty_or_null(matches)) continue;
      if (empty_or_null(matches[1]) || empty_or_null(matches[2]))
        continue;
    
      patch_found = check_patch(year:int(matches[1]), number:int(matches[2]));
      if (patch_found) exit(0, "The host has Security Update " + patch + " or later installed and is therefore not affected.");
    }
    
    report =  '\n  Missing security update : ' + patch;
    report += '\n  Installed security BOMs : ';
    if (sec_boms_report) report += str_replace(find:'\n', replace:'\n                            ', string:sec_boms_report);
    else report += 'n/a';
    report += '\n';
    
    security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4347.NASL
    descriptionMultiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input. - CVE-2018-18312 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow write during compilation, potentially allowing arbitrary code execution. - CVE-2018-18313 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow read during compilation which leads to information leak. - CVE-2018-18314 Jakub Wilk discovered that a specially crafted regular expression could lead to a heap-based buffer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id119290
    published2018-11-30
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119290
    titleDebian DSA-4347-1 : perl - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4347. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119290);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/19");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
      script_xref(name:"DSA", value:"4347");
      script_xref(name:"IAVA", value:"2018-A-0407-S");
    
      script_name(english:"Debian DSA-4347-1 : perl - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Multiple vulnerabilities were discovered in the implementation of the
    Perl programming language. The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CVE-2018-18311
        Jayakrishna Menon and Christophe Hauser discovered an
        integer overflow vulnerability in Perl_my_setenv leading
        to a heap-based buffer overflow with attacker-controlled
        input.
    
      - CVE-2018-18312
        Eiichi Tsukata discovered that a crafted regular
        expression could cause a heap-based buffer overflow
        write during compilation, potentially allowing arbitrary
        code execution.
    
      - CVE-2018-18313
        Eiichi Tsukata discovered that a crafted regular
        expression could cause a heap-based buffer overflow read
        during compilation which leads to information leak.
    
      - CVE-2018-18314
        Jakub Wilk discovered that a specially crafted regular
        expression could lead to a heap-based buffer overflow."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/perl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/perl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4347"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the perl packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 5.24.1-3+deb9u5."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"libperl-dev", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"libperl5.24", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-base", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-debug", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-doc", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-modules-5.24", reference:"5.24.1-3+deb9u5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4187-1.NASL
    descriptionThis update for perl fixes the following issues : Secuirty issues fixed : CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120189
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120189
    titleSUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:4187-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:4187-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120189);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:4187-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for perl fixes the following issues :
    
    Secuirty issues fixed :
    
    CVE-2018-18311: Fixed integer overflow with oversize environment
    (bsc#1114674).
    
    CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun
    (bsc#1114675).
    
    CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0
    chars (bsc#1114681).
    
    CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18311/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18312/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18313/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18314/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20184187-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1f588e88"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-2018-2984=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2018-2984=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-base-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-base-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-debugsource-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-base-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-base-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-debugsource-5.26.1-7.6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1595.NASL
    descriptionThis update for perl fixes the following issues : Secuirty issues fixed : - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-12-24
    plugin id119863
    published2018-12-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119863
    titleopenSUSE Security Update : perl (openSUSE-2018-1595)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-9DBE983805.NASL
    descriptionSecurity fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120656
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120656
    titleFedora 29 : 4:perl (2018-9dbe983805)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0135_PERL.NASL
    descriptionAn update of the perl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122912
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122912
    titlePhoton OS 2.0: Perl PHSA-2019-2.0-0135
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0212_PERL.NASL
    descriptionAn update of the perl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122923
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122923
    titlePhoton OS 1.0: Perl PHSA-2019-1.0-0212

Redhat

advisories
  • rhsa
    idRHSA-2019:0001
  • rhsa
    idRHSA-2019:0010
rpms
  • rh-perl526-perl-4:5.26.3-405.el7
  • rh-perl526-perl-Attribute-Handlers-0:0.99-405.el7
  • rh-perl526-perl-Devel-Peek-0:1.26-405.el7
  • rh-perl526-perl-Devel-SelfStubber-0:1.06-405.el7
  • rh-perl526-perl-Errno-0:1.28-405.el7
  • rh-perl526-perl-ExtUtils-Embed-0:1.34-405.el7
  • rh-perl526-perl-ExtUtils-Miniperl-0:1.06-405.el7
  • rh-perl526-perl-IO-0:1.38-405.el7
  • rh-perl526-perl-IO-Zlib-1:1.10-405.el7
  • rh-perl526-perl-Locale-Maketext-Simple-1:0.21-405.el7
  • rh-perl526-perl-Math-Complex-0:1.59-405.el7
  • rh-perl526-perl-Memoize-0:1.03-405.el7
  • rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7
  • rh-perl526-perl-Module-CoreList-tools-1:5.20181130-1.el7
  • rh-perl526-perl-Module-Loaded-1:0.08-405.el7
  • rh-perl526-perl-Net-Ping-0:2.55-405.el7
  • rh-perl526-perl-Pod-Html-0:1.22.02-405.el7
  • rh-perl526-perl-SelfLoader-0:1.23-405.el7
  • rh-perl526-perl-Test-0:1.30-405.el7
  • rh-perl526-perl-Time-Piece-0:1.31-405.el7
  • rh-perl526-perl-debuginfo-4:5.26.3-405.el7
  • rh-perl526-perl-devel-4:5.26.3-405.el7
  • rh-perl526-perl-interpreter-4:5.26.3-405.el7
  • rh-perl526-perl-libnetcfg-4:5.26.3-405.el7
  • rh-perl526-perl-libs-4:5.26.3-405.el7
  • rh-perl526-perl-macros-4:5.26.3-405.el7
  • rh-perl526-perl-open-0:1.11-405.el7
  • rh-perl526-perl-tests-4:5.26.3-405.el7
  • rh-perl526-perl-utils-0:5.26.3-405.el7
  • rh-perl524-perl-4:5.24.0-381.el6
  • rh-perl524-perl-4:5.24.0-381.el7
  • rh-perl524-perl-Attribute-Handlers-0:0.99-381.el6
  • rh-perl524-perl-Attribute-Handlers-0:0.99-381.el7
  • rh-perl524-perl-Devel-Peek-0:1.23-381.el6
  • rh-perl524-perl-Devel-Peek-0:1.23-381.el7
  • rh-perl524-perl-Devel-SelfStubber-0:1.05-381.el6
  • rh-perl524-perl-Devel-SelfStubber-0:1.05-381.el7
  • rh-perl524-perl-Errno-0:1.25-381.el6
  • rh-perl524-perl-Errno-0:1.25-381.el7
  • rh-perl524-perl-ExtUtils-Embed-0:1.33-381.el6
  • rh-perl524-perl-ExtUtils-Embed-0:1.33-381.el7
  • rh-perl524-perl-ExtUtils-Miniperl-0:1.05-381.el6
  • rh-perl524-perl-ExtUtils-Miniperl-0:1.05-381.el7
  • rh-perl524-perl-IO-0:1.36-381.el6
  • rh-perl524-perl-IO-0:1.36-381.el7
  • rh-perl524-perl-IO-Zlib-1:1.10-381.el6
  • rh-perl524-perl-IO-Zlib-1:1.10-381.el7
  • rh-perl524-perl-Locale-Maketext-Simple-1:0.21-381.el6
  • rh-perl524-perl-Locale-Maketext-Simple-1:0.21-381.el7
  • rh-perl524-perl-Math-BigInt-FastCalc-0:0.40-381.el6
  • rh-perl524-perl-Math-BigInt-FastCalc-0:0.40-381.el7
  • rh-perl524-perl-Math-BigRat-0:0.2608.02-381.el6
  • rh-perl524-perl-Math-BigRat-0:0.2608.02-381.el7
  • rh-perl524-perl-Math-Complex-0:1.59-381.el6
  • rh-perl524-perl-Math-Complex-0:1.59-381.el7
  • rh-perl524-perl-Memoize-0:1.03-381.el6
  • rh-perl524-perl-Memoize-0:1.03-381.el7
  • rh-perl524-perl-Module-Loaded-1:0.08-381.el6
  • rh-perl524-perl-Module-Loaded-1:0.08-381.el7
  • rh-perl524-perl-Net-Ping-0:2.43-381.el6
  • rh-perl524-perl-Net-Ping-0:2.43-381.el7
  • rh-perl524-perl-Pod-Html-0:1.22-381.el6
  • rh-perl524-perl-Pod-Html-0:1.22-381.el7
  • rh-perl524-perl-SelfLoader-0:1.23-381.el6
  • rh-perl524-perl-SelfLoader-0:1.23-381.el7
  • rh-perl524-perl-Test-0:1.28-381.el6
  • rh-perl524-perl-Test-0:1.28-381.el7
  • rh-perl524-perl-Time-Piece-0:1.31-381.el6
  • rh-perl524-perl-Time-Piece-0:1.31-381.el7
  • rh-perl524-perl-bignum-0:0.42-381.el6
  • rh-perl524-perl-bignum-0:0.42-381.el7
  • rh-perl524-perl-core-0:5.24.0-381.el6
  • rh-perl524-perl-core-0:5.24.0-381.el7
  • rh-perl524-perl-debuginfo-4:5.24.0-381.el6
  • rh-perl524-perl-debuginfo-4:5.24.0-381.el7
  • rh-perl524-perl-devel-4:5.24.0-381.el6
  • rh-perl524-perl-devel-4:5.24.0-381.el7
  • rh-perl524-perl-libnetcfg-4:5.24.0-381.el6
  • rh-perl524-perl-libnetcfg-4:5.24.0-381.el7
  • rh-perl524-perl-libs-4:5.24.0-381.el6
  • rh-perl524-perl-libs-4:5.24.0-381.el7
  • rh-perl524-perl-macros-4:5.24.0-381.el6
  • rh-perl524-perl-macros-4:5.24.0-381.el7
  • rh-perl524-perl-open-0:1.10-381.el6
  • rh-perl524-perl-open-0:1.10-381.el7
  • rh-perl524-perl-tests-4:5.24.0-381.el6
  • rh-perl524-perl-tests-4:5.24.0-381.el7
  • rh-perl524-perl-utils-0:5.24.0-381.el6
  • rh-perl524-perl-utils-0:5.24.0-381.el7

References