Vulnerabilities > CVE-2018-18314 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
perl
canonical
debian
netapp
redhat
CWE-119
critical
nessus

Summary

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Vulnerable Configurations

Part Description Count
Application
Perl
421
Application
Netapp
10
OS
Canonical
4
OS
Debian
1
OS
Redhat
5

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-CA03363D57.NASL
    descriptionSecurity fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120786
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120786
    titleFedora 28 : 4:perl (2018-ca03363d57)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-ca03363d57.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120786);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
      script_xref(name:"FEDORA", value:"2018-ca03363d57");
    
      script_name(english:"Fedora 28 : 4:perl (2018-ca03363d57)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and
    CVE-2018-18314
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca03363d57"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 4:perl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:4:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"perl-5.26.3-415.fc28", epoch:"4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "4:perl");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3834-1.NASL
    descriptionJayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313) Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-13
    modified2018-12-04
    plugin id119337
    published2018-12-04
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119337
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : perl vulnerabilities (USN-3834-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3834-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119337);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/19");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
      script_xref(name:"USN", value:"3834-1");
      script_xref(name:"IAVA", value:"2018-A-0407-S");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : perl vulnerabilities (USN-3834-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Jayakrishna Menon discovered that Perl incorrectly handled
    Perl_my_setenv. An attacker could use this issue to cause Perl to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code. (CVE-2018-18311)
    
    Eiichi Tsukata discovered that Perl incorrectly handled certain
    regular expressions. An attacker could use this issue to cause Perl to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and
    Ubuntu 18.10. (CVE-2018-18312)
    
    Eiichi Tsukata discovered that Perl incorrectly handled certain
    regular expressions. An attacker could use this issue to cause Perl to
    crash, resulting in a denial of service. (CVE-2018-18313)
    
    Jakub Wilk discovered that Perl incorrectly handled certain regular
    expressions. An attacker could use this issue to cause Perl to crash,
    resulting in a denial of service. This issue only affected Ubuntu
    16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3834-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|18\.04|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04 / 18.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"perl", pkgver:"5.18.2-2ubuntu1.7")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"perl", pkgver:"5.22.1-9ubuntu0.6")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"perl", pkgver:"5.26.1-6ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"perl", pkgver:"5.26.2-7ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201909-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201909-01 (Perl: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id128590
    published2019-09-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128590
    titleGLSA-201909-01 : Perl: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201909-01.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128590);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913");
      script_xref(name:"GLSA", value:"201909-01");
    
      script_name(english:"GLSA-201909-01 : Perl: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201909-01
    (Perl: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Perl. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        Please review the referenced CVE identifiers for details.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201909-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Perl users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/perl-5.28.2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("ge 5.28.2"), vulnerable:make_list("lt 5.28.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1029.NASL
    descriptionThis update for perl fixes the following issues : Secuirty issues fixed : - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123159
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123159
    titleopenSUSE Security Update : perl (openSUSE-2019-1029)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1029.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123159);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/31");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
    
      script_name(english:"openSUSE Security Update : perl (openSUSE-2019-1029)");
      script_summary(english:"Check for the openSUSE-2019-1029 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for perl fixes the following issues :
    
    Secuirty issues fixed :
    
      - CVE-2018-18311: Fixed integer overflow with oversize
        environment (bsc#1114674).
    
      - CVE-2018-18312: Fixed heap-buffer-overflow write /
        reg_node overrun (bsc#1114675).
    
      - CVE-2018-18313: Fixed heap-buffer-overflow read if regex
        contains \0 chars (bsc#1114681).
    
      - CVE-2018-18314: Fixed heap-buffer-overflow in regex
        (bsc#1114686).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114686"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"perl-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-base-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-base-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-debugsource-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-32bit-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-lp150.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-lp150.6.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-32bit / perl-32bit-debuginfo / perl / perl-base-32bit / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4347.NASL
    descriptionMultiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input. - CVE-2018-18312 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow write during compilation, potentially allowing arbitrary code execution. - CVE-2018-18313 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow read during compilation which leads to information leak. - CVE-2018-18314 Jakub Wilk discovered that a specially crafted regular expression could lead to a heap-based buffer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id119290
    published2018-11-30
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119290
    titleDebian DSA-4347-1 : perl - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4347. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119290);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/19");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
      script_xref(name:"DSA", value:"4347");
      script_xref(name:"IAVA", value:"2018-A-0407-S");
    
      script_name(english:"Debian DSA-4347-1 : perl - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Multiple vulnerabilities were discovered in the implementation of the
    Perl programming language. The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CVE-2018-18311
        Jayakrishna Menon and Christophe Hauser discovered an
        integer overflow vulnerability in Perl_my_setenv leading
        to a heap-based buffer overflow with attacker-controlled
        input.
    
      - CVE-2018-18312
        Eiichi Tsukata discovered that a crafted regular
        expression could cause a heap-based buffer overflow
        write during compilation, potentially allowing arbitrary
        code execution.
    
      - CVE-2018-18313
        Eiichi Tsukata discovered that a crafted regular
        expression could cause a heap-based buffer overflow read
        during compilation which leads to information leak.
    
      - CVE-2018-18314
        Jakub Wilk discovered that a specially crafted regular
        expression could lead to a heap-based buffer overflow."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-18314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/perl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/perl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4347"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the perl packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 5.24.1-3+deb9u5."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"libperl-dev", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"libperl5.24", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-base", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-debug", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-doc", reference:"5.24.1-3+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"perl-modules-5.24", reference:"5.24.1-3+deb9u5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4187-1.NASL
    descriptionThis update for perl fixes the following issues : Secuirty issues fixed : CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120189
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120189
    titleSUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:4187-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:4187-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120189);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:4187-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for perl fixes the following issues :
    
    Secuirty issues fixed :
    
    CVE-2018-18311: Fixed integer overflow with oversize environment
    (bsc#1114674).
    
    CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun
    (bsc#1114675).
    
    CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0
    chars (bsc#1114681).
    
    CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18311/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18312/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18313/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18314/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20184187-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1f588e88"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-2018-2984=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2018-2984=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-base-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-base-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"perl-debugsource-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-base-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-base-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-debuginfo-5.26.1-7.6.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"perl-debugsource-5.26.1-7.6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1595.NASL
    descriptionThis update for perl fixes the following issues : Secuirty issues fixed : - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-12-24
    plugin id119863
    published2018-12-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119863
    titleopenSUSE Security Update : perl (openSUSE-2018-1595)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-9DBE983805.NASL
    descriptionSecurity fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120656
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120656
    titleFedora 29 : 4:perl (2018-9dbe983805)

Redhat

advisories
  • rhsa
    idRHSA-2019:0001
  • rhsa
    idRHSA-2019:0010
rpms
  • rh-perl526-perl-4:5.26.3-405.el7
  • rh-perl526-perl-Attribute-Handlers-0:0.99-405.el7
  • rh-perl526-perl-Devel-Peek-0:1.26-405.el7
  • rh-perl526-perl-Devel-SelfStubber-0:1.06-405.el7
  • rh-perl526-perl-Errno-0:1.28-405.el7
  • rh-perl526-perl-ExtUtils-Embed-0:1.34-405.el7
  • rh-perl526-perl-ExtUtils-Miniperl-0:1.06-405.el7
  • rh-perl526-perl-IO-0:1.38-405.el7
  • rh-perl526-perl-IO-Zlib-1:1.10-405.el7
  • rh-perl526-perl-Locale-Maketext-Simple-1:0.21-405.el7
  • rh-perl526-perl-Math-Complex-0:1.59-405.el7
  • rh-perl526-perl-Memoize-0:1.03-405.el7
  • rh-perl526-perl-Module-CoreList-1:5.20181130-1.el7
  • rh-perl526-perl-Module-CoreList-tools-1:5.20181130-1.el7
  • rh-perl526-perl-Module-Loaded-1:0.08-405.el7
  • rh-perl526-perl-Net-Ping-0:2.55-405.el7
  • rh-perl526-perl-Pod-Html-0:1.22.02-405.el7
  • rh-perl526-perl-SelfLoader-0:1.23-405.el7
  • rh-perl526-perl-Test-0:1.30-405.el7
  • rh-perl526-perl-Time-Piece-0:1.31-405.el7
  • rh-perl526-perl-debuginfo-4:5.26.3-405.el7
  • rh-perl526-perl-devel-4:5.26.3-405.el7
  • rh-perl526-perl-interpreter-4:5.26.3-405.el7
  • rh-perl526-perl-libnetcfg-4:5.26.3-405.el7
  • rh-perl526-perl-libs-4:5.26.3-405.el7
  • rh-perl526-perl-macros-4:5.26.3-405.el7
  • rh-perl526-perl-open-0:1.11-405.el7
  • rh-perl526-perl-tests-4:5.26.3-405.el7
  • rh-perl526-perl-utils-0:5.26.3-405.el7
  • rh-perl524-perl-4:5.24.0-381.el6
  • rh-perl524-perl-4:5.24.0-381.el7
  • rh-perl524-perl-Attribute-Handlers-0:0.99-381.el6
  • rh-perl524-perl-Attribute-Handlers-0:0.99-381.el7
  • rh-perl524-perl-Devel-Peek-0:1.23-381.el6
  • rh-perl524-perl-Devel-Peek-0:1.23-381.el7
  • rh-perl524-perl-Devel-SelfStubber-0:1.05-381.el6
  • rh-perl524-perl-Devel-SelfStubber-0:1.05-381.el7
  • rh-perl524-perl-Errno-0:1.25-381.el6
  • rh-perl524-perl-Errno-0:1.25-381.el7
  • rh-perl524-perl-ExtUtils-Embed-0:1.33-381.el6
  • rh-perl524-perl-ExtUtils-Embed-0:1.33-381.el7
  • rh-perl524-perl-ExtUtils-Miniperl-0:1.05-381.el6
  • rh-perl524-perl-ExtUtils-Miniperl-0:1.05-381.el7
  • rh-perl524-perl-IO-0:1.36-381.el6
  • rh-perl524-perl-IO-0:1.36-381.el7
  • rh-perl524-perl-IO-Zlib-1:1.10-381.el6
  • rh-perl524-perl-IO-Zlib-1:1.10-381.el7
  • rh-perl524-perl-Locale-Maketext-Simple-1:0.21-381.el6
  • rh-perl524-perl-Locale-Maketext-Simple-1:0.21-381.el7
  • rh-perl524-perl-Math-BigInt-FastCalc-0:0.40-381.el6
  • rh-perl524-perl-Math-BigInt-FastCalc-0:0.40-381.el7
  • rh-perl524-perl-Math-BigRat-0:0.2608.02-381.el6
  • rh-perl524-perl-Math-BigRat-0:0.2608.02-381.el7
  • rh-perl524-perl-Math-Complex-0:1.59-381.el6
  • rh-perl524-perl-Math-Complex-0:1.59-381.el7
  • rh-perl524-perl-Memoize-0:1.03-381.el6
  • rh-perl524-perl-Memoize-0:1.03-381.el7
  • rh-perl524-perl-Module-Loaded-1:0.08-381.el6
  • rh-perl524-perl-Module-Loaded-1:0.08-381.el7
  • rh-perl524-perl-Net-Ping-0:2.43-381.el6
  • rh-perl524-perl-Net-Ping-0:2.43-381.el7
  • rh-perl524-perl-Pod-Html-0:1.22-381.el6
  • rh-perl524-perl-Pod-Html-0:1.22-381.el7
  • rh-perl524-perl-SelfLoader-0:1.23-381.el6
  • rh-perl524-perl-SelfLoader-0:1.23-381.el7
  • rh-perl524-perl-Test-0:1.28-381.el6
  • rh-perl524-perl-Test-0:1.28-381.el7
  • rh-perl524-perl-Time-Piece-0:1.31-381.el6
  • rh-perl524-perl-Time-Piece-0:1.31-381.el7
  • rh-perl524-perl-bignum-0:0.42-381.el6
  • rh-perl524-perl-bignum-0:0.42-381.el7
  • rh-perl524-perl-core-0:5.24.0-381.el6
  • rh-perl524-perl-core-0:5.24.0-381.el7
  • rh-perl524-perl-debuginfo-4:5.24.0-381.el6
  • rh-perl524-perl-debuginfo-4:5.24.0-381.el7
  • rh-perl524-perl-devel-4:5.24.0-381.el6
  • rh-perl524-perl-devel-4:5.24.0-381.el7
  • rh-perl524-perl-libnetcfg-4:5.24.0-381.el6
  • rh-perl524-perl-libnetcfg-4:5.24.0-381.el7
  • rh-perl524-perl-libs-4:5.24.0-381.el6
  • rh-perl524-perl-libs-4:5.24.0-381.el7
  • rh-perl524-perl-macros-4:5.24.0-381.el6
  • rh-perl524-perl-macros-4:5.24.0-381.el7
  • rh-perl524-perl-open-0:1.10-381.el6
  • rh-perl524-perl-open-0:1.10-381.el7
  • rh-perl524-perl-tests-4:5.24.0-381.el6
  • rh-perl524-perl-tests-4:5.24.0-381.el7
  • rh-perl524-perl-utils-0:5.24.0-381.el6
  • rh-perl524-perl-utils-0:5.24.0-381.el7

References