Medium
Canonical Ubuntu
It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification. Update Instructions: Run sudo pro fix USN-5689-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: perl-modules-5.22 – 5.22.1-9ubuntu0.9+esm1 libperl-dev – 5.22.1-9ubuntu0.9+esm1 perl-doc – 5.22.1-9ubuntu0.9+esm1 perl – 5.22.1-9ubuntu0.9+esm1 perl-base – 5.22.1-9ubuntu0.9+esm1 perl-debug – 5.22.1-9ubuntu0.9+esm1 libperl5.22 – 5.22.1-9ubuntu0.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro
CVEs contained in this USN include: CVE-2020-16156.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2022-12-07: Initial vulnerability report published.
CPE | Name | Operator | Version |
---|---|---|---|
bionic stemcells | lt | 1.122 | |
cflinuxfs3 | lt | 0.329.0 | |
jammy stemcells | lt | 1.30 | |
cf deployment | lt | 23.0.0 |