Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2011:1797
HistoryDec 09, 2011 - 8:14 a.m.

perl security update

2011-12-0908:14:32
CentOS Project
lists.centos.org
53

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

CentOS Errata and Security Advisory CESA-2011:1797

Perl is a high-level programming language commonly used for system
administration utilities and web programming.

It was found that the “new” constructor of the Digest module used its
argument as part of the string expression passed to the eval() function. An
attacker could possibly use this flaw to execute arbitrary Perl code with
the privileges of a Perl program that uses untrusted input as an argument
to the constructor. (CVE-2011-3597)

It was found that the Perl CGI module used a hard-coded value for the MIME
boundary string in multipart/x-mixed-replace content. A remote attacker
could possibly use this flaw to conduct an HTTP response splitting attack
via a specially-crafted HTTP request. (CVE-2010-2761)

A CRLF injection flaw was found in the way the Perl CGI module processed a
sequence of non-whitespace preceded by newline characters in the header. A
remote attacker could use this flaw to conduct an HTTP response splitting
attack via a specially-crafted sequence of characters provided to the CGI
module. (CVE-2010-4410)

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs must
be restarted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-December/080468.html
https://lists.centos.org/pipermail/centos-announce/2011-December/080469.html
https://lists.centos.org/pipermail/centos-announce/2011-December/080470.html
https://lists.centos.org/pipermail/centos-announce/2011-December/080471.html

Affected packages:
perl
perl-suidperl

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:1797

Related

nessus 40
openvas 60
oraclelinux 3
redhat 3
f5 2
cve 5
fedora 5
prion 5
ubuntucve 5
debiancve 4
veracode 3
altlinux 2
aix 1
gentoo 2
securityvulns 7
ubuntu 2
amazon 1
freebsd 1
vmware 2
nessus
nessus
Scientific Linux Security Update : perl on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 4 / 5 : perl (CESA-2011:1797)
2011-12-12 00:00:00
RHEL 4 / 5 : perl (RHSA-2011:1797)
2011-12-09 00:00:00
openvas
openvas
CentOS Update for perl CESA-2011:1797 centos4 x86_64
2012-07-30 00:00:00
CentOS Update for perl CESA-2011:1797 centos4 i386
2011-12-12 00:00:00
CentOS Update for perl CESA-2011:1797 centos5 i386
2011-12-12 00:00:00
oraclelinux
oraclelinux
perl security update
2011-12-08 00:00:00
perl security and bug fix update
2011-05-28 00:00:00
perl security update
2011-11-03 00:00:00
redhat
redhat
(RHSA-2011:1797) Moderate: perl security update
2011-12-08 00:00:00
(RHSA-2011:0558) Moderate: perl security and bug fix update
2011-05-19 00:00:00
(RHSA-2011:1424) Moderate: perl security update
2011-11-03 00:00:00
f5
f5
K55423848 : CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410
2017-09-13 00:00:00
K83058481 : Perl vulnerabilities CVE-2011-1487, CVE-2011-2939, and CVE-2011-3597
2017-10-16 00:00:00
cve
cve
CVE-2010-4410
2010-12-06 20:13:00
CVE-2011-3597
2012-01-13 18:55:00
CVE-2010-2761
2010-12-06 20:12:00
fedora
fedora
[SECURITY] Fedora 13 Update: perl-CGI-Simple-1.113-1.fc13
2011-01-30 19:48:24
[SECURITY] Fedora 14 Update: perl-CGI-Simple-1.113-1.fc14
2011-01-30 19:52:02
[SECURITY] Fedora 14 Update: perl-CGI-3.51-1.fc14
2011-01-31 19:57:48
prion
prion
Crlf injection
2010-12-06 20:13:00
Sql injection
2012-01-13 18:55:00
Design/Logic Flaw
2010-12-06 20:13:00
ubuntucve
ubuntucve
CVE-2010-4410
2010-12-06 00:00:00
CVE-2010-4572
2011-01-28 00:00:00
CVE-2011-3597
2012-01-13 00:00:00
debiancve
debiancve
CVE-2010-4410
2010-12-06 20:13:00
CVE-2011-3597
2012-01-13 18:55:00
CVE-2010-2761
2010-12-06 20:12:00
veracode
veracode
Carriage Return Line Feed (CRLF)
2020-04-10 00:59:29
Arbitrary Code Execution
2020-04-10 01:03:28
HTTP Response Splitting
2020-04-10 00:59:28
altlinux
altlinux
Security fix for the ALT Linux 7 package perl version 1:5.14.2-alt4
2012-01-20 00:00:00
Security fix for the ALT Linux 6 package perl-CGI version 3.49-alt2
2011-01-19 00:00:00
aix
aix
Perl Digest Module Digest->new() Code Injection
2011-11-22 15:00:14
gentoo
gentoo
Perl Digest-Base module: Arbitrary code execution
2014-01-29 00:00:00
Bugzilla: Multiple vulnerabilities
2011-10-10 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:009 ] perl
2012-01-20 00:00:00
[USN-1129-1] Perl vulnerabilities
2011-05-05 00:00:00
perl multiple security vulnerabilities
2011-05-20 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2011-05-03 00:00:00
Perl vulnerabilities
2012-11-30 00:00:00
amazon
amazon
Medium: perl
2011-11-09 21:48:00
freebsd
freebsd
bugzilla -- multiple serious vulnerabilities
2011-01-24 00:00:00
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON
Related for CESA-2011:1797
nessus40openvas60oraclelinux3redhat3f52cve5fedora5prion5ubuntucve5debiancve4veracode3altlinux2aix1gentoo2securityvulns7ubuntu2amazon1freebsd1vmware2