{"id": "ELSA-2021-0343", "bulletinFamily": "unix", "title": "perl security update", "description": "[4:5.16.3-299]\n- Fix CVE-2020-10543 (bug #1839272)\n- Fix CVE-2020-10878 (bug #1839275)\n[4:5.16.3-298]\n- Fix CVE-2020-12723 (bug #1839278)", "published": "2021-02-03T00:00:00", "modified": "2021-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://linux.oracle.com/errata/ELSA-2021-0343.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "type": "oraclelinux", "lastseen": "2021-02-03T23:32:53", "edition": 1, "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-12723", "CVE-2020-10878", "CVE-2020-10543"]}, {"type": "redhat", "idList": ["RHSA-2021:0719", "RHSA-2021:0779", "RHSA-2021:0778", "RHSA-2021:1032", "RHSA-2021:0343", "RHSA-2021:0607", "RHSA-2021:0557", "RHSA-2021:1129", "RHSA-2021:0883"]}, {"type": "centos", "idList": ["CESA-2021:0343"]}, {"type": "gentoo", "idList": ["GLSA-202006-03"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DC88CEA06ECA856893E7D089D36ADB07"]}, {"type": "fedora", "idList": ["FEDORA:017273129EBB", "FEDORA:481D1608F47B"]}, {"type": "aix", "idList": ["PERL_ADVISORY5.ASC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0850-1"]}, {"type": "amazon", "idList": ["ALAS2-2021-1610"]}, {"type": "ubuntu", "idList": ["USN-4602-2", "USN-4602-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877986", "OPENVAS:1361412562310877942", "OPENVAS:1361412562310853226"]}, {"type": "nessus", "idList": ["FEDORA_2020-FD73C08076.NASL", "SL_20210202_PERL_ON_SL7_X.NASL", "SUSE_SU-2020-1682-2.NASL", "UBUNTU_USN-4602-1.NASL", "GENTOO_GLSA-202006-03.NASL", "SUSE_SU-2020-1662-1.NASL", "OPENSUSE-2020-850.NASL", "AIX_IJ26985.NASL", "EULEROS_SA-2020-2085.NASL", "REDHAT-RHSA-2021-0883.NASL"]}, {"type": "hackerone", "idList": ["H1:888986"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-0557"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"]}], "modified": "2021-02-03T23:32:53", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-02-03T23:32:53", "rev": 2}, "vulnersScore": 7.0}, "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Module-Loaded-0.08-299.el7_9.noarch.rpm", "packageName": "perl-Module-Loaded", "packageVersion": "0.08-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Module-Loaded-0.08-299.el7_9.noarch.rpm", "packageName": "perl-Module-Loaded", "packageVersion": "0.08-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-libs-5.16.3-299.el7_9.x86_64.rpm", "packageName": "perl-libs", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-5.16.3-299.el7_9.aarch64.rpm", "packageName": "perl", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm", "packageName": "perl-Module-CoreList", "packageVersion": "2.76.02-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm", "packageName": "perl-Module-CoreList", "packageVersion": "2.76.02-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-devel-5.16.3-299.el7_9.x86_64.rpm", "packageName": "perl-devel", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Object-Accessor-0.42-299.el7_9.noarch.rpm", "packageName": "perl-Object-Accessor", "packageVersion": "0.42-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Object-Accessor-0.42-299.el7_9.noarch.rpm", "packageName": "perl-Object-Accessor", "packageVersion": "0.42-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Package-Constants-0.02-299.el7_9.noarch.rpm", "packageName": "perl-Package-Constants", "packageVersion": "0.02-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Package-Constants-0.02-299.el7_9.noarch.rpm", "packageName": "perl-Package-Constants", "packageVersion": "0.02-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "i686", "operator": "lt", "packageFilename": "perl-devel-5.16.3-299.el7_9.i686.rpm", "packageName": "perl-devel", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-CPAN-1.9800-299.el7_9.noarch.rpm", "packageName": "perl-CPAN", "packageVersion": "1.9800-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-CPAN-1.9800-299.el7_9.noarch.rpm", "packageName": "perl-CPAN", "packageVersion": "1.9800-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-core-5.16.3-299.el7_9.x86_64.rpm", "packageName": "perl-core", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-macros-5.16.3-299.el7_9.aarch64.rpm", "packageName": "perl-macros", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-devel-5.16.3-299.el7_9.aarch64.rpm", "packageName": "perl-devel", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-libs-5.16.3-299.el7_9.aarch64.rpm", "packageName": "perl-libs", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-Time-Piece-1.20.1-299.el7_9.aarch64.rpm", "packageName": "perl-Time-Piece", "packageVersion": "1.20.1-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-tests-5.16.3-299.el7_9.aarch64.rpm", "packageName": "perl-tests", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm", "packageName": "perl-ExtUtils-Install", "packageVersion": "1.58-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm", "packageName": "perl-ExtUtils-Install", "packageVersion": "1.58-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm", "packageName": "perl-Locale-Maketext-Simple", "packageVersion": "0.21-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm", "packageName": "perl-Locale-Maketext-Simple", "packageVersion": "0.21-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-5.16.3-299.el7_9.x86_64.rpm", "packageName": "perl", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-IO-Zlib-1.10-299.el7_9.noarch.rpm", "packageName": "perl-IO-Zlib", "packageVersion": "1.10-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-IO-Zlib-1.10-299.el7_9.noarch.rpm", "packageName": "perl-IO-Zlib", "packageVersion": "1.10-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm", "packageName": "perl-Time-Piece", "packageVersion": "1.20.1-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "i686", "operator": "lt", "packageFilename": "perl-libs-5.16.3-299.el7_9.i686.rpm", "packageName": "perl-libs", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-macros-5.16.3-299.el7_9.x86_64.rpm", "packageName": "perl-macros", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm", "packageName": "perl-Pod-Escapes", "packageVersion": "1.04-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm", "packageName": "perl-Pod-Escapes", "packageVersion": "1.04-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "src", "operator": "lt", "packageFilename": "perl-5.16.3-299.el7_9.src.rpm", "packageName": "perl", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "src", "operator": "lt", "packageFilename": "perl-5.16.3-299.el7_9.src.rpm", "packageName": "perl", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-core-5.16.3-299.el7_9.aarch64.rpm", "packageName": "perl-core", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm", "packageName": "perl-ExtUtils-CBuilder", "packageVersion": "0.28.2.6-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm", "packageName": "perl-ExtUtils-CBuilder", "packageVersion": "0.28.2.6-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-tests-5.16.3-299.el7_9.x86_64.rpm", "packageName": "perl-tests", "packageVersion": "5.16.3-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm", "packageName": "perl-ExtUtils-Embed", "packageVersion": "1.30-299.el7_9"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "noarch", "operator": "lt", "packageFilename": "perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm", "packageName": "perl-ExtUtils-Embed", "packageVersion": "1.30-299.el7_9"}], "immutableFields": []}

{"cve": [{"lastseen": "2021-03-16T12:32:49", "description": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-05T15:15:00", "title": "CVE-2020-12723", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12723"], "modified": "2021-03-15T22:10:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.2.0", "cpe:/o:opensuse:leap:15.1", "cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0", "cpe:/a:netapp:snap_creator_framework:-", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-12723", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12723", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:36:54", "description": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 8.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.2}, "published": "2020-06-05T14:15:00", "title": "CVE-2020-10543", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10543"], "modified": "2021-01-20T15:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-10543", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10543", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-03-16T12:32:43", "description": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.", "edition": 14, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.7}, "published": "2020-06-05T14:15:00", "title": "CVE-2020-10878", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10878"], "modified": "2021-03-15T22:12:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.2.0", "cpe:/o:opensuse:leap:15.1", "cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0", "cpe:/a:netapp:snap_creator_framework:-", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-10878", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10878", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2021-03-17T20:28:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723"], "description": "Perl is a high-level programming language that is commonly used for system administration utilities and web programming.\n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-16T18:02:33", "published": "2021-03-16T17:08:30", "id": "RHSA-2021:0883", "href": "https://access.redhat.com/errata/RHSA-2021:0883", "type": "redhat", "title": "(RHSA-2021:0883) Moderate: perl security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-30T10:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723"], "description": "Perl is a high-level programming language that is commonly used for system administration utilities and web programming.\n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-30T12:47:46", "published": "2021-03-30T11:25:33", "id": "RHSA-2021:1032", "href": "https://access.redhat.com/errata/RHSA-2021:1032", "type": "redhat", "title": "(RHSA-2021:1032) Moderate: perl security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-04T00:26:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723"], "description": "Perl is a high-level programming language that is commonly used for system administration utilities and web programming.\n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-02-02T15:58:02", "published": "2021-02-02T14:28:11", "id": "RHSA-2021:0343", "href": "https://access.redhat.com/errata/RHSA-2021:0343", "type": "redhat", "title": "(RHSA-2021:0343) Moderate: perl security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-09T16:35:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-20372", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-35678", "CVE-2021-20178", "CVE-2021-20180", "CVE-2021-20191", "CVE-2021-20228", "CVE-2021-20253"], "description": "Security Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678.\n* Upgraded to a more recent version of nginx to address CVE-2019-20372.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.\n* Improved analytics collection to collect the playbook status for all hosts in a playbook run", "modified": "2021-03-09T20:08:47", "published": "2021-03-09T20:07:20", "id": "RHSA-2021:0779", "href": "https://access.redhat.com/errata/RHSA-2021:0779", "type": "redhat", "title": "(RHSA-2021:0779) Important: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-16T14:36:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723"], "description": "Perl is a high-level programming language that is commonly used for system administration utilities and web programming.\n\nSecurity Fix(es):\n\n* perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-02-16T18:39:52", "published": "2021-02-16T12:35:46", "id": "RHSA-2021:0557", "href": "https://access.redhat.com/errata/RHSA-2021:0557", "type": "redhat", "title": "(RHSA-2021:0557) Moderate: perl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-17T18:28:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5766", "CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-15436", "CVE-2020-1971", "CVE-2020-29573", "CVE-2020-35513", "CVE-2020-8564", "CVE-2021-3121"], "description": "Red Hat Advanced Cluster Management for Kubernetes 2.1.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/release_notes/\n\nSecurity fix:\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation. (CVE-2021-3121)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fixes:\n\n* Moving from Patched ACM 2.1.x CSV to Default Results in Degraded Cluster (BZ #1906142)\n* Managed Cluster in RHACM stays in Pending Import state (BZ#1894778)\n* RHACM 2.1.0 Custom CA/Cert not working with observability component (BZ#1906542) \n* Policy Standards, Categories and Controls value listing is not consistent across pages (BZ#1896399) \n* Page gets blanks when YAML editor is cleared in policy creation page (BZ#1901447) \n* Content for a page with invalid namespace in URL keeps on loading (BZ#1903580)\n* Missing git repo secret causes multicluster-operators-hub-subscription to crash (BZ#1918799)", "modified": "2021-02-17T21:50:16", "published": "2021-02-17T21:49:27", "id": "RHSA-2021:0607", "href": "https://access.redhat.com/errata/RHSA-2021:0607", "type": "redhat", "title": "(RHSA-2021:0607) Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-09T16:34:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5766", "CVE-2018-20843", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12749", "CVE-2019-14866", "CVE-2019-15903", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17498", "CVE-2019-19956", "CVE-2019-20372", "CVE-2019-20388", "CVE-2019-20907", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12723", "CVE-2020-1971", "CVE-2020-35678", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8177", "CVE-2021-20178", "CVE-2021-20180", "CVE-2021-20191", "CVE-2021-20228", "CVE-2021-20253"], "description": "Security Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253\n* Upgraded to a more recent version of nginx to address CVE-2019-20372\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678\n* Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-09T20:08:46", "published": "2021-03-09T20:06:59", "id": "RHSA-2021:0778", "href": "https://access.redhat.com/errata/RHSA-2021:0778", "type": "redhat", "title": "(RHSA-2021:0778) Important: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-07T10:30:10", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5766", "CVE-2018-20843", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12749", "CVE-2019-14866", "CVE-2019-15903", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17498", "CVE-2019-19126", "CVE-2019-19532", "CVE-2019-19956", "CVE-2019-20388", "CVE-2019-20907", "CVE-2019-5094", "CVE-2019-5188", "CVE-2020-0427", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12723", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-1971", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-6829", "CVE-2020-7053", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-9283", "CVE-2021-20265", "CVE-2021-22883", "CVE-2021-22884"], "description": "Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.\n\nThis advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-04-07T13:53:17", "published": "2021-04-07T13:52:40", "id": "RHSA-2021:1129", "href": "https://access.redhat.com/errata/RHSA-2021:1129", "type": "redhat", "title": "(RHSA-2021:1129) Moderate: Red Hat 3scale API Management 2.10.0 security update and release", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-16T00:28:30", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8011", "CVE-2019-16541", "CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-11979", "CVE-2020-12723", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-14370", "CVE-2020-15436", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-1945", "CVE-2020-2252", "CVE-2020-2254", "CVE-2020-2255", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-28362", "CVE-2020-29573", "CVE-2020-29661", "CVE-2020-35513", "CVE-2020-8563", "CVE-2020-8564", "CVE-2021-20230", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615", "CVE-2021-3121"], "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "modified": "2021-03-16T02:17:07", "published": "2021-03-04T04:30:29", "id": "RHSA-2021:0719", "href": "https://access.redhat.com/errata/RHSA-2021:0719", "type": "redhat", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2021-02-04T05:30:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "**CentOS Errata and Security Advisory** CESA-2021:0343\n\n\nPerl is a high-level programming language that is commonly used for system administration utilities and web programming.\n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-February/048259.html\n\n**Affected packages:**\nperl\nperl-CPAN\nperl-ExtUtils-CBuilder\nperl-ExtUtils-Embed\nperl-ExtUtils-Install\nperl-IO-Zlib\nperl-Locale-Maketext-Simple\nperl-Module-CoreList\nperl-Module-Loaded\nperl-Object-Accessor\nperl-Package-Constants\nperl-Pod-Escapes\nperl-Time-Piece\nperl-core\nperl-devel\nperl-libs\nperl-macros\nperl-tests\n\n**Upstream details at:**\n", "edition": 1, "modified": "2021-02-04T01:04:16", "published": "2021-02-04T01:04:16", "id": "CESA-2021:0343", "href": "http://lists.centos.org/pipermail/centos-announce/2021-February/048259.html", "title": "perl security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2020-06-12T07:22:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "### Background\n\nPerl is a highly capable, feature-rich programming language.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Perl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/perl-5.30.3\"", "edition": 1, "modified": "2020-06-12T00:00:00", "published": "2020-06-12T00:00:00", "id": "GLSA-202006-03", "href": "https://security.gentoo.org/glsa/202006-03", "title": "Perl: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2021-03-10T03:29:52", "bulletinFamily": "software", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "## Severity\n\nLow\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)\n\nHugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)\n\nSergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)\n\nCVEs contained in this USN include: CVE-2020-10878, CVE-2020-10543, CVE-2020-12723.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.211.0\n * Xenial Stemcells \n * 315.x versions prior to 315.201\n * 456.x versions prior to 456.128\n * 621.x versions prior to 621.92\n * All other stemcells not listed.\n * CF Deployment \n * All versions prior to 15.4.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade all versions to 0.211.0 or greater\n * Xenial Stemcells \n * Upgrade 315.x versions to 315.201 or greater\n * Upgrade 456.x versions to 456.128 or greater\n * Upgrade 621.x versions to 621.92 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * CF Deployment \n * Upgrade all versions to 15.4.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4602-1/>)\n * [CVE-2020-10878](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10878>)\n * [CVE-2020-10543](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10543>)\n * [CVE-2020-12723](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12723>)\n\n## History\n\n2021-03-09: Initial vulnerability report published.\n", "edition": 1, "modified": "2021-03-09T00:00:00", "published": "2021-03-09T00:00:00", "id": "CFOUNDRY:DC88CEA06ECA856893E7D089D36ADB07", "href": "https://www.cloudfoundry.org/blog/usn-4602-1/", "title": "USN-4602-1: Perl vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T09:06:21", "description": "According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Perl before 5.30.3 on 32-bit platforms allows a\n heap-based buffer overflow because nested regular\n expression quantifiers have an integer\n overflow.(CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to\n mishandling of a 'PL_regkind[OP(n)] == NOTHING'\n situation. A crafted regular expression could lead to\n malformed bytecode with a possibility of instruction\n injection.(CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer\n overflow via a crafted regular expression because of\n recursive S_study_chunk calls.(CVE-2020-12723)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-09-28T00:00:00", "title": "EulerOS 2.0 SP3 : perl (EulerOS-SA-2020-2085)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:perl-devel", "p-cpe:/a:huawei:euleros:perl", "p-cpe:/a:huawei:euleros:perl-libs", "p-cpe:/a:huawei:euleros:perl-core", "p-cpe:/a:huawei:euleros:perl-macros", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2085.NASL", "href": "https://www.tenable.com/plugins/nessus/140852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140852);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : perl (EulerOS-SA-2020-2085)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Perl before 5.30.3 on 32-bit platforms allows a\n heap-based buffer overflow because nested regular\n expression quantifiers have an integer\n overflow.(CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to\n mishandling of a 'PL_regkind[OP(n)] == NOTHING'\n situation. A crafted regular expression could lead to\n malformed bytecode with a possibility of instruction\n injection.(CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer\n overflow via a crafted regular expression because of\n recursive S_study_chunk calls.(CVE-2020-12723)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2085\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef7cc080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-5.16.3-285.h9\",\n \"perl-core-5.16.3-285.h9\",\n \"perl-devel-5.16.3-285.h9\",\n \"perl-libs-5.16.3-285.h9\",\n \"perl-macros-5.16.3-285.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-01T00:54:03", "description": "An update of the perl package has been released.", "edition": 3, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-06-25T00:00:00", "title": "Photon OS 3.0: Perl PHSA-2020-3.0-0104", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2020-06-25T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:perl", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0104_PERL.NASL", "href": "https://www.tenable.com/plugins/nessus/137784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0104. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137784);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/30\");\n\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_xref(name:\"IAVA\", value:\"2020-A-0268\");\n\n script_name(english:\"Photon OS 3.0: Perl PHSA-2020-3.0-0104\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the perl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-104.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"perl-5.28.0-7.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:28:46", "description": "This update for perl fixes the following issues :\n\nCVE-2020-10543: Fixed a heap buffer overflow in regular expression\ncompiler which could have allowed overwriting of allocated memory with\nattacker's data (bsc#1171863).\n\nCVE-2020-10878: Fixed multiple integer overflows which could have\nallowed the insertion of instructions into the compiled form of Perl\nregular expression (bsc#1171864).\n\nCVE-2020-12723: Fixed an attacker's corruption of the intermediate\nlanguage state of a compiled regular expression (bsc#1171866).\n\nFixed a bad warning in features.ph (bsc#1172348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-07-09T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2020:1682-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2020-07-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:perl-debugsource", "p-cpe:/a:novell:suse_linux:perl-base-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:perl-base", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:perl", "p-cpe:/a:novell:suse_linux:perl-base-debuginfo", "p-cpe:/a:novell:suse_linux:perl-debuginfo", "p-cpe:/a:novell:suse_linux:perl-32bit-debuginfo"], "id": "SUSE_SU-2020-1682-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138276", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1682-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138276);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2020:1682-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for perl fixes the following issues :\n\nCVE-2020-10543: Fixed a heap buffer overflow in regular expression\ncompiler which could have allowed overwriting of allocated memory with\nattacker's data (bsc#1171863).\n\nCVE-2020-10878: Fixed multiple integer overflows which could have\nallowed the insertion of instructions into the compiled form of Perl\nregular expression (bsc#1171864).\n\nCVE-2020-12723: Fixed an attacker's corruption of the intermediate\nlanguage state of a compiled regular expression (bsc#1171866).\n\nFixed a bad warning in features.ph (bsc#1172348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10878/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12723/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201682-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d9ccf1c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1682=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-1682=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1682=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-1682=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-1682=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1682=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1682=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-1682=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-1682=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-base-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"perl-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"perl-base-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"perl-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"perl-base-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"perl-base-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"perl-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"perl-debugsource-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"perl-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"perl-base-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"perl-base-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"perl-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"perl-debugsource-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-32bit-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-base-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"perl-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"perl-base-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"perl-base-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"perl-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"perl-debugsource-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"perl-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"perl-base-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"perl-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"perl-base-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"perl-base-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"perl-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"perl-debugsource-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-32bit-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"perl-base-32bit-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"perl-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"perl-base-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"perl-base-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"perl-debuginfo-5.26.1-7.12.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"perl-debugsource-5.26.1-7.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-21T14:52:26", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4602-1 advisory.\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-10-27T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Perl vulnerabilities (USN-4602-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2020-10-27T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libperl5.26", "p-cpe:/a:canonical:ubuntu_linux:libperl5.22", "p-cpe:/a:canonical:ubuntu_linux:libperl-dev", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:perl-modules-5.30", "p-cpe:/a:canonical:ubuntu_linux:libperl5.30", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:perl-base", "p-cpe:/a:canonical:ubuntu_linux:perl-modules-5.26", "p-cpe:/a:canonical:ubuntu_linux:perl-debug", "p-cpe:/a:canonical:ubuntu_linux:perl", "p-cpe:/a:canonical:ubuntu_linux:perl-modules-5.22"], "id": "UBUNTU_USN-4602-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141913", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4602-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141913);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/20\");\n\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_xref(name:\"USN\", value:\"4602-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Perl vulnerabilities (USN-4602-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4602-1 advisory.\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4602-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libperl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libperl5.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libperl5.26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libperl5.30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perl-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perl-modules-5.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perl-modules-5.26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perl-modules-5.30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2021 Canonical, Inc. / NASL script (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libperl-dev', 'pkgver': '5.22.1-9ubuntu0.9'},\n {'osver': '16.04', 'pkgname': 'libperl5.22', 'pkgver': '5.22.1-9ubuntu0.9'},\n {'osver': '16.04', 'pkgname': 'perl', 'pkgver': '5.22.1-9ubuntu0.9'},\n {'osver': '16.04', 'pkgname': 'perl-base', 'pkgver': '5.22.1-9ubuntu0.9'},\n {'osver': '16.04', 'pkgname': 'perl-debug', 'pkgver': '5.22.1-9ubuntu0.9'},\n {'osver': '16.04', 'pkgname': 'perl-modules-5.22', 'pkgver': '5.22.1-9ubuntu0.9'},\n {'osver': '18.04', 'pkgname': 'libperl-dev', 'pkgver': '5.26.1-6ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'libperl5.26', 'pkgver': '5.26.1-6ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'perl', 'pkgver': '5.26.1-6ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'perl-base', 'pkgver': '5.26.1-6ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'perl-debug', 'pkgver': '5.26.1-6ubuntu0.5'},\n {'osver': '18.04', 'pkgname': 'perl-modules-5.26', 'pkgver': '5.26.1-6ubuntu0.5'},\n {'osver': '20.04', 'pkgname': 'libperl-dev', 'pkgver': '5.30.0-9ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'libperl5.30', 'pkgver': '5.30.0-9ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'perl', 'pkgver': '5.30.0-9ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'perl-base', 'pkgver': '5.30.0-9ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'perl-debug', 'pkgver': '5.30.0-9ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'perl-modules-5.30', 'pkgver': '5.30.0-9ubuntu0.2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libperl-dev / libperl5.22 / libperl5.26 / libperl5.30 / perl / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:07:04", "description": "According to the versions of the perl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Perl before 5.30.3 has an integer overflow related to\n mishandling of a 'PL_regkind[OP(n)] == NOTHING'\n situation. A crafted regular expression could lead to\n malformed bytecode with a possibility of instruction\n injection.(CVE-2020-10878)\n\n - Perl before 5.30.3 on 33-bit platforms allows a\n heap-based buffer overflow because nested regular\n expression quantifiers have an integer\n overflow.(CVE-2020-10543)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer\n overflow via a crafted regular expression because of\n recursive S_study_chunk calls.(CVE-2020-12723)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-11-06T00:00:00", "title": "EulerOS Virtualization 3.0.6.6 : perl (EulerOS-SA-2020-2459)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2020-11-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.6.6", "p-cpe:/a:huawei:euleros:perl-devel", "p-cpe:/a:huawei:euleros:perl", "p-cpe:/a:huawei:euleros:perl-libs", "p-cpe:/a:huawei:euleros:perl-core", "p-cpe:/a:huawei:euleros:perl-macros"], "id": "EULEROS_SA-2020-2459.NASL", "href": "https://www.tenable.com/plugins/nessus/142579", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142579);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : perl (EulerOS-SA-2020-2459)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the perl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Perl before 5.30.3 has an integer overflow related to\n mishandling of a 'PL_regkind[OP(n)] == NOTHING'\n situation. A crafted regular expression could lead to\n malformed bytecode with a possibility of instruction\n injection.(CVE-2020-10878)\n\n - Perl before 5.30.3 on 33-bit platforms allows a\n heap-based buffer overflow because nested regular\n expression quantifiers have an integer\n overflow.(CVE-2020-10543)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer\n overflow via a crafted regular expression because of\n recursive S_study_chunk calls.(CVE-2020-12723)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2459\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?508f5d1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-5.16.3-292.h13.eulerosv2r7\",\n \"perl-core-5.16.3-292.h13.eulerosv2r7\",\n \"perl-devel-5.16.3-292.h13.eulerosv2r7\",\n \"perl-libs-5.16.3-292.h13.eulerosv2r7\",\n \"perl-macros-5.16.3-292.h13.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-24T10:37:11", "description": "The remote host is affected by the vulnerability described in GLSA-202006-03\n(Perl: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Perl. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 4, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-06-12T00:00:00", "title": "GLSA-202006-03 : Perl: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2020-06-12T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:perl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202006-03.NASL", "href": "https://www.tenable.com/plugins/nessus/137383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202006-03.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137383);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_xref(name:\"GLSA\", value:\"202006-03\");\n script_xref(name:\"IAVA\", value:\"2020-A-0268\");\n\n script_name(english:\"GLSA-202006-03 : Perl: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202006-03\n(Perl: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Perl. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202006-03\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Perl users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/perl-5.30.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/perl\", unaffected:make_list(\"ge 5.30.3\"), vulnerable:make_list(\"lt 5.30.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-06T09:40:05", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:0343 advisory.\n\n - perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)\n\n - perl: corruption of intermediate language state of compiled regular expression due to integer overflow\n leads to DoS (CVE-2020-10878)\n\n - perl: corruption of intermediate language state of compiled regular expression due to recursive\n S_study_chunk() calls leads to DoS (CVE-2020-12723)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2021-02-03T00:00:00", "title": "CentOS 7 : perl (CESA-2021:0343)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2021-02-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perl", "p-cpe:/a:centos:centos:perl-IO-Zlib", "p-cpe:/a:centos:centos:perl-ExtUtils-Install", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Object-Accessor", "p-cpe:/a:centos:centos:perl-tests", "p-cpe:/a:centos:centos:perl-Locale-Maketext-Simple", "p-cpe:/a:centos:centos:perl-ExtUtils-CBuilder", "p-cpe:/a:centos:centos:perl-CPAN", "p-cpe:/a:centos:centos:perl-Time-Piece", "p-cpe:/a:centos:centos:perl-ExtUtils-Embed", "p-cpe:/a:centos:centos:perl-Pod-Escapes", "p-cpe:/a:centos:centos:perl-macros", "p-cpe:/a:centos:centos:perl-devel", "p-cpe:/a:centos:centos:perl-Module-Loaded", "p-cpe:/a:centos:centos:perl-libs", "p-cpe:/a:centos:centos:perl-core", "p-cpe:/a:centos:centos:perl-Module-CoreList", "p-cpe:/a:centos:centos:perl-Package-Constants"], "id": "CENTOS_RHSA-2021-0343.NASL", "href": "https://www.tenable.com/plugins/nessus/146100", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0343 and\n# CentOS Errata and Security Advisory 2021:0343 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146100);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_xref(name:\"RHSA\", value:\"2021:0343\");\n\n script_name(english:\"CentOS 7 : perl (CESA-2021:0343)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:0343 advisory.\n\n - perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)\n\n - perl: corruption of intermediate language state of compiled regular expression due to integer overflow\n leads to DoS (CVE-2020-10878)\n\n - perl: corruption of intermediate language state of compiled regular expression due to recursive\n S_study_chunk() calls leads to DoS (CVE-2020-12723)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-February/048259.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69f683c0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/185.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 122, 185, 190, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-ExtUtils-CBuilder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-ExtUtils-Embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-ExtUtils-Install\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-IO-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Locale-Maketext-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-CoreList\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-Loaded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Object-Accessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Package-Constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Time-Piece\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'perl-5.16.3-299.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-core-5.16.3-299.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-CPAN-1.9800-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-devel-5.16.3-299.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-devel-5.16.3-299.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-ExtUtils-Embed-1.30-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-ExtUtils-Install-1.58-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-IO-Zlib-1.10-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-libs-5.16.3-299.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-libs-5.16.3-299.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Locale-Maketext-Simple-0.21-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-macros-5.16.3-299.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Module-CoreList-2.76.02-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Module-Loaded-0.08-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Object-Accessor-0.42-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Package-Constants-0.02-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Pod-Escapes-1.04-299.el7_9', 'sp':'9', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-tests-5.16.3-299.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Time-Piece-1.20.1-299.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'perl / perl-CPAN / perl-ExtUtils-CBuilder / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-01T00:53:55", "description": "An update of the perl package has been released.", "edition": 3, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2020-06-22T00:00:00", "title": "Photon OS 2.0: Perl PHSA-2020-2.0-0254", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2020-06-22T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:perl"], "id": "PHOTONOS_PHSA-2020-2_0-0254_PERL.NASL", "href": "https://www.tenable.com/plugins/nessus/137719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0254. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137719);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/30\");\n\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_xref(name:\"IAVA\", value:\"2020-A-0268\");\n\n script_name(english:\"Photon OS 2.0: Perl PHSA-2020-2.0-0254\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the perl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-254.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"perl-5.24.1-10.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-13T01:10:25", "description": "According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - regcomp.c in Perl before 5.30.3 allows a buffer\n overflow via a crafted regular expression because of\n recursive S_study_chunk calls.(CVE-2020-12723)\n\n - Perl before 5.30.3 has an integer overflow related to\n mishandling of a 'PL_regkind[OP(n)] == NOTHING'\n situation. A crafted regular expression could lead to\n malformed bytecode with a possibility of instruction\n injection.(CVE-2020-10878)\n\n - Perl before 5.30.3 on 32-bit platforms allows a\n heap-based buffer overflow because nested regular\n expression quantifiers have an integer\n overflow.(CVE-2020-10543)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2021-03-10T00:00:00", "title": "EulerOS : perl (EulerOS-SA-2021-1621)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2021-03-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:perl", "p-cpe:/a:huawei:euleros:perl-libs", "cpe:/o:huawei:euleros:"], "id": "EULEROS_SA-2021-1621.NASL", "href": "https://www.tenable.com/plugins/nessus/147426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147426);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\"\n );\n\n script_name(english:\"EulerOS : perl (EulerOS-SA-2021-1621)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - regcomp.c in Perl before 5.30.3 allows a buffer\n overflow via a crafted regular expression because of\n recursive S_study_chunk calls.(CVE-2020-12723)\n\n - Perl before 5.30.3 has an integer overflow related to\n mishandling of a 'PL_regkind[OP(n)] == NOTHING'\n situation. A crafted regular expression could lead to\n malformed bytecode with a possibility of instruction\n injection.(CVE-2020-10878)\n\n - Perl before 5.30.3 on 32-bit platforms allows a\n heap-based buffer overflow because nested regular\n expression quantifiers have an integer\n overflow.(CVE-2020-10543)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1621\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38afc200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release (\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS \");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-5.28.0-434.h9.eulerosv2r9\",\n \"perl-libs-5.28.0-434.h9.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-20T17:18:41", "description": "The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1610 advisory.\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2021-02-19T00:00:00", "title": "Amazon Linux 2 : perl (ALAS-2021-1610)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "modified": "2021-02-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:perl-core", "p-cpe:/a:amazon:linux:perl-ExtUtils-Embed", "p-cpe:/a:amazon:linux:perl-Module-Loaded", "p-cpe:/a:amazon:linux:perl-Object-Accessor", "p-cpe:/a:amazon:linux:perl-libs", "p-cpe:/a:amazon:linux:perl-Time-Piece", "p-cpe:/a:amazon:linux:perl-tests", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:perl-Package-Constants", "p-cpe:/a:amazon:linux:perl-CPAN", "p-cpe:/a:amazon:linux:perl-debuginfo", "p-cpe:/a:amazon:linux:perl-devel", "p-cpe:/a:amazon:linux:perl-ExtUtils-Install", "p-cpe:/a:amazon:linux:perl-Pod-Escapes", "p-cpe:/a:amazon:linux:perl-Module-CoreList", "p-cpe:/a:amazon:linux:perl-Locale-Maketext-Simple", "p-cpe:/a:amazon:linux:perl-ExtUtils-CBuilder", "p-cpe:/a:amazon:linux:perl-IO-Zlib", "p-cpe:/a:amazon:linux:perl-macros", "p-cpe:/a:amazon:linux:perl"], "id": "AL2_ALAS-2021-1610.NASL", "href": "https://www.tenable.com/plugins/nessus/146623", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1610.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146623);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_xref(name:\"ALAS\", value:\"2021-1610\");\n\n script_name(english:\"Amazon Linux 2 : perl (ALAS-2021-1610)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1610 advisory.\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1610.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12723\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update perl' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-ExtUtils-CBuilder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-ExtUtils-Embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-ExtUtils-Install\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-IO-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Locale-Maketext-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-CoreList\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-Loaded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Object-Accessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Package-Constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Time-Piece\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'perl-5.16.3-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-5.16.3-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-5.16.3-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perl-core-5.16.3-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-core-5.16.3-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-core-5.16.3-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perl-CPAN-1.9800-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-debuginfo-5.16.3-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-debuginfo-5.16.3-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-debuginfo-5.16.3-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perl-devel-5.16.3-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-devel-5.16.3-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-devel-5.16.3-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perl-ExtUtils-CBuilder-0.28.2.6-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-ExtUtils-Embed-1.30-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-ExtUtils-Install-1.58-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-IO-Zlib-1.10-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-libs-5.16.3-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-libs-5.16.3-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-libs-5.16.3-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perl-Locale-Maketext-Simple-0.21-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-macros-5.16.3-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-macros-5.16.3-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-macros-5.16.3-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perl-Module-CoreList-2.76.02-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-Module-Loaded-0.08-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-Object-Accessor-0.42-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-Package-Constants-0.02-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-Pod-Escapes-1.04-299.amzn2.0.1', 'release':'AL2'},\n {'reference':'perl-tests-5.16.3-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-tests-5.16.3-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-tests-5.16.3-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perl-Time-Piece-1.20.1-299.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perl-Time-Piece-1.20.1-299.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'perl-Time-Piece-1.20.1-299.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-CPAN / perl-ExtUtils-CBuilder / etc\");\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-02-20T03:29:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "**Issue Overview:**\n\nPerl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. ([CVE-2020-10543 __](<https://access.redhat.com/security/cve/CVE-2020-10543>))\n\nPerl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. ([CVE-2020-10878 __](<https://access.redhat.com/security/cve/CVE-2020-10878>))\n\nregcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. ([CVE-2020-12723 __](<https://access.redhat.com/security/cve/CVE-2020-12723>))\n\n \n**Affected Packages:** \n\n\nperl\n\n \n**Issue Correction:** \nRun _yum update perl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n perl-5.16.3-299.amzn2.0.1.aarch64 \n perl-libs-5.16.3-299.amzn2.0.1.aarch64 \n perl-devel-5.16.3-299.amzn2.0.1.aarch64 \n perl-macros-5.16.3-299.amzn2.0.1.aarch64 \n perl-tests-5.16.3-299.amzn2.0.1.aarch64 \n perl-Time-Piece-1.20.1-299.amzn2.0.1.aarch64 \n perl-core-5.16.3-299.amzn2.0.1.aarch64 \n perl-debuginfo-5.16.3-299.amzn2.0.1.aarch64 \n \n i686: \n perl-5.16.3-299.amzn2.0.1.i686 \n perl-libs-5.16.3-299.amzn2.0.1.i686 \n perl-devel-5.16.3-299.amzn2.0.1.i686 \n perl-macros-5.16.3-299.amzn2.0.1.i686 \n perl-tests-5.16.3-299.amzn2.0.1.i686 \n perl-Time-Piece-1.20.1-299.amzn2.0.1.i686 \n perl-core-5.16.3-299.amzn2.0.1.i686 \n perl-debuginfo-5.16.3-299.amzn2.0.1.i686 \n \n noarch: \n perl-CPAN-1.9800-299.amzn2.0.1.noarch \n perl-ExtUtils-CBuilder-0.28.2.6-299.amzn2.0.1.noarch \n perl-ExtUtils-Embed-1.30-299.amzn2.0.1.noarch \n perl-ExtUtils-Install-1.58-299.amzn2.0.1.noarch \n perl-IO-Zlib-1.10-299.amzn2.0.1.noarch \n perl-Locale-Maketext-Simple-0.21-299.amzn2.0.1.noarch \n perl-Module-CoreList-2.76.02-299.amzn2.0.1.noarch \n perl-Module-Loaded-0.08-299.amzn2.0.1.noarch \n perl-Object-Accessor-0.42-299.amzn2.0.1.noarch \n perl-Package-Constants-0.02-299.amzn2.0.1.noarch \n perl-Pod-Escapes-1.04-299.amzn2.0.1.noarch \n \n src: \n perl-5.16.3-299.amzn2.0.1.src \n \n x86_64: \n perl-5.16.3-299.amzn2.0.1.x86_64 \n perl-libs-5.16.3-299.amzn2.0.1.x86_64 \n perl-devel-5.16.3-299.amzn2.0.1.x86_64 \n perl-macros-5.16.3-299.amzn2.0.1.x86_64 \n perl-tests-5.16.3-299.amzn2.0.1.x86_64 \n perl-Time-Piece-1.20.1-299.amzn2.0.1.x86_64 \n perl-core-5.16.3-299.amzn2.0.1.x86_64 \n perl-debuginfo-5.16.3-299.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2021-02-19T01:26:00", "published": "2021-02-19T01:26:00", "id": "ALAS2-2021-1610", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1610.html", "title": "Medium: perl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-10-27T19:58:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "USN-4602-1 fixed several vulnerabilities in Perl. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nManhND discovered that Perl incorrectly handled certain regular \nexpressions. In environments where untrusted regular expressions are \nevaluated, a remote attacker could possibly use this issue to cause Perl to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2020-10543)\n\nHugo van der Sanden and Slaven Rezic discovered that Perl incorrectly \nhandled certain regular expressions. In environments where untrusted \nregular expressions are evaluated, a remote attacker could possibly use \nthis issue to cause Perl to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2020-10878)\n\nSergey Aleynikov discovered that Perl incorrectly handled certain regular \nexpressions. In environments where untrusted regular expressions are \nevaluated, a remote attacker could possibly use this issue to cause Perl to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2020-12723)", "edition": 1, "modified": "2020-10-27T00:00:00", "published": "2020-10-27T00:00:00", "id": "USN-4602-2", "href": "https://ubuntu.com/security/notices/USN-4602-2", "title": "Perl vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-26T15:35:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "ManhND discovered that Perl incorrectly handled certain regular \nexpressions. In environments where untrusted regular expressions are \nevaluated, a remote attacker could possibly use this issue to cause Perl to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2020-10543)\n\nHugo van der Sanden and Slaven Rezic discovered that Perl incorrectly \nhandled certain regular expressions. In environments where untrusted \nregular expressions are evaluated, a remote attacker could possibly use \nthis issue to cause Perl to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2020-10878)\n\nSergey Aleynikov discovered that Perl incorrectly handled certain regular \nexpressions. In environments where untrusted regular expressions are \nevaluated, a remote attacker could possibly use this issue to cause Perl to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2020-12723)", "edition": 1, "modified": "2020-10-26T00:00:00", "published": "2020-10-26T00:00:00", "id": "USN-4602-1", "href": "https://ubuntu.com/security/notices/USN-4602-1", "title": "Perl vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. This is a metapackage with all the Perl bits and core modules that can be found in the upstream tarball from perl.org. If you need only a specific feature, you can install a specific package instead. E.g. to handle Perl scripts with /usr/bin/perl interpreter, install perl-interpreter package. See perl-interpreter description for more details on the Perl decomposition into packages. ", "modified": "2020-06-16T01:19:13", "published": "2020-06-16T01:19:13", "id": "FEDORA:017273129EBB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. This is a metapackage with all the Perl bits and core modules that can be found in the upstream tarball from perl.org. If you need only a specific feature, you can install a specific package instead. E.g. to handle Perl scripts with /usr/bin/perl interpreter, install perl-interpreter package. See perl-interpreter description for more details on the Perl decomposition into packages. ", "modified": "2020-06-05T02:32:03", "published": "2020-06-05T02:32:03", "id": "FEDORA:481D1608F47B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: perl-5.30.3-453.fc32", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-06-23T01:23:26", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "This update for perl fixes the following issues:\n\n - CVE-2020-10543: Fixed a heap buffer overflow in regular expression\n compiler which could have allowed overwriting of allocated memory with\n attacker's data (bsc#1171863).\n - CVE-2020-10878: Fixed multiple integer overflows which could have\n allowed the insertion of instructions into the compiled form of Perl\n regular expression (bsc#1171864).\n - CVE-2020-12723: Fixed an attacker's corruption of the intermediate\n language state of a compiled regular expression (bsc#1171866).\n - Fixed a bad warning in features.ph (bsc#1172348).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-06-23T00:17:26", "published": "2020-06-23T00:17:26", "id": "OPENSUSE-SU-2020:0850-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html", "title": "Security update for perl (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-06-25T13:27:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "The remote host is missing an update for the ", "modified": "2020-06-24T00:00:00", "published": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310853226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853226", "type": "openvas", "title": "openSUSE: Security Advisory for perl (openSUSE-SU-2020:0850-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853226\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:00:58 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"openSUSE: Security Advisory for perl (openSUSE-SU-2020:0850-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0850-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl'\n package(s) announced via the openSUSE-SU-2020:0850-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for perl fixes the following issues:\n\n - CVE-2020-10543: Fixed a heap buffer overflow in regular expression\n compiler which could have allowed overwriting of allocated memory with\n attacker's data (bsc#1171863).\n\n - CVE-2020-10878: Fixed multiple integer overflows which could have\n allowed the insertion of instructions into the compiled form of Perl\n regular expression (bsc#1171864).\n\n - CVE-2020-12723: Fixed an attacker's corruption of the intermediate\n language state of a compiled regular expression (bsc#1171866).\n\n - Fixed a bad warning in features.ph (bsc#1172348).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-850=1\");\n\n script_tag(name:\"affected\", value:\"'perl' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-debuginfo\", rpm:\"perl-base-debuginfo~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debugsource\", rpm:\"perl-debugsource~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-32bit\", rpm:\"perl-32bit~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-32bit-debuginfo\", rpm:\"perl-32bit-debuginfo~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-32bit\", rpm:\"perl-base-32bit~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-32bit-debuginfo\", rpm:\"perl-base-32bit-debuginfo~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.26.1~lp151.9.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-25T13:48:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "The remote host is missing an update for the ", "modified": "2020-06-24T00:00:00", "published": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310877986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877986", "type": "openvas", "title": "Fedora: Security Advisory for perl (FEDORA-2020-fd73c08076)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877986\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:20:19 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for perl (FEDORA-2020-fd73c08076)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-fd73c08076\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl'\n package(s) announced via the FEDORA-2020-fd73c08076 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Perl is a high-level programming language with roots in C, sed, awk and shell\nscripting. Perl is good at handling processes and files, and is especially\ngood at handling text. Perl&#39, s hallmarks are practicality and efficiency.\nWhile it is used to do a lot of different things, Perl&#39, s most common\napplications are system administration utilities and web programming.\n\nIf you need only a specific feature, you can install a specific package\ninstead. E.g. to handle Perl scripts with /usr/bin/perl interpreter,\ninstall perl-interpreter package. See perl-interpreter description for more\ndetails on the Perl decomposition into packages.\");\n\n script_tag(name:\"affected\", value:\"'perl' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.30.3~452.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-15T15:40:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "The remote host is missing an update for the ", "modified": "2020-06-12T00:00:00", "published": "2020-06-07T00:00:00", "id": "OPENVAS:1361412562310877942", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877942", "type": "openvas", "title": "Fedora: Security Advisory for perl (FEDORA-2020-4021bf2ae8)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877942\");\n script_version(\"2020-06-12T08:31:38+0000\");\n script_cve_id(\"CVE-2020-10543\", \"CVE-2020-10878\", \"CVE-2020-12723\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-12 08:31:38 +0000 (Fri, 12 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-07 03:28:09 +0000 (Sun, 07 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for perl (FEDORA-2020-4021bf2ae8)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-4021bf2ae8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EN7TDSLOKIUIYC3KXQNQS4E5K7HJLW\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl'\n package(s) announced via the FEDORA-2020-4021bf2ae8 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Perl is a high-level programming language with roots in C, sed, awk and shell\nscripting. Perl is good at handling processes and files, and is especially\ngood at handling text. Perl&#39, s hallmarks are practicality and efficiency.\nWhile it is used to do a lot of different things, Perl&#39, s most common\napplications are system administration utilities and web programming.\n\nIf you need only a specific feature, you can install a specific package\ninstead. E.g. to handle Perl scripts with /usr/bin/perl interpreter,\ninstall perl-interpreter package. See perl-interpreter description for more\ndetails on the Perl decomposition into packages.\");\n\n script_tag(name:\"affected\", value:\"'perl' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.30.3~453.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "aix": [{"lastseen": "2021-03-05T01:27:12", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723", "CVE-2020-10543", "CVE-2020-10878"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Dec 9 16:36:39 CST 2020\n|Updated: Thu Mar 4 08:59:07 CST 2021\n|Update: iFixes now listed for AIX 7200-03-06, 7200-04-03, 7200-05-00, and\n| 7200-05-01. iFixes now listed for VIOS 3.1.0.50, 3.1.1.30, 3.1.2.0, and\n| 3.1.2.10.\n\nThe most recent version of this document is available here:\nhttp://aix.software.ibm.com/aix/efixes/security/perl_advisory5.asc\nhttps://aix.software.ibm.com/aix/efixes/security/perl_advisory5.asc\nftp://aix.software.ibm.com/aix/efixes/security/perl_advisory5.asc\n\nSecurity Bulletin: Vulnerabilities in Perl affect AIX (CVE-2020-10543,\n CVE-2020-10878, and CVE-2020-12723)\n\n===============================================================================\n\nSUMMARY:\n\n There are vulnerabilities in Perl that affect AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2020-10543\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543\n DESCRIPTION: Perl before 5.30.3 on 32-bit platforms allows a heap-based\n buffer overflow because nested regular expression quantifiers have an\n integer overflow.\n CVSS Base Score: 9.8\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/183203\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n CVEID: CVE-2020-10878\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878\n DESCRIPTION: Perl before 5.30.3 has an integer overflow related to\n mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted\n regular expression could lead to malformed bytecode with a\n possibility of instruction injection.\n CVSS Base Score: 9.8\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/183204\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n CVEID: CVE-2020-12723\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723\n DESCRIPTION: regcomp.c in Perl before 5.30.3 allows a buffer overflow\n via a crafted regular expression because of recursive S_study_chunk\n calls.\n CVSS Base Score: 9.8\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/183205\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 7.1, 7.2\n VIOS 3.1\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ---------------------------------------------------------\n perl.rte 5.20.1.0 5.20.1.3 key_w_fs\n perl.rte 5.28.1.0 5.28.1.3 key_w_fs\n \n To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i perl.rte\n\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n -----------------------------------------------------\n 7.1.5 IJ26985 ** N/A key_w_apar\n 7.2.3 IJ26986 ** N/A key_w_apar\n 7.2.4 IJ26985 ** N/A key_w_apar\n| 7.2.5 IJ26985 ** N/A key_w_apar\n\n VIOS Level APAR Availability SP KEY\n ----------------------------------------------------\n 3.1.0 IJ26986 ** N/A key_w_apar\n 3.1.1 IJ26985 ** N/A key_w_apar\n| 3.1.2 IJ26985 ** N/A key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/pages/apar/IJ26985\n http://www.ibm.com/support/pages/apar/IJ26986\n\n https://www.ibm.com/support/pages/apar/IJ26985\n https://www.ibm.com/support/pages/apar/IJ26986\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n AIX and VIOS fixes are available.\n\n The AIX and VIOS fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/perl_fix5.tar\n http://aix.software.ibm.com/aix/efixes/security/perl_fix5.tar\n https://aix.software.ibm.com/aix/efixes/security/perl_fix5.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 7.1.5.5 IJ26985s1a.200812.epkg.Z key_w_fix\n 7.1.5.6 IJ26985s1a.200812.epkg.Z key_w_fix\n 7.1.5.7 IJ26985s1a.200812.epkg.Z key_w_fix\n 7.2.3.3 IJ26986s1a.200813.epkg.Z key_w_fix\n 7.2.3.4 IJ26986s1a.200813.epkg.Z key_w_fix\n 7.2.3.5 IJ26986s1a.200813.epkg.Z key_w_fix\n| 7.2.3.6 IJ26986s1a.200813.epkg.Z key_w_fix\n 7.2.4.0 IJ26985s1a.200812.epkg.Z key_w_fix\n 7.2.4.1 IJ26985s1a.200812.epkg.Z key_w_fix\n 7.2.4.2 IJ26985s1a.200812.epkg.Z key_w_fix\n| 7.2.4.3 IJ26985s1a.200812.epkg.Z key_w_fix\n| 7.2.5.0 IJ26985s1a.200812.epkg.Z key_w_fix\n| 7.2.5.1 IJ26985s1a.200812.epkg.Z key_w_fix\n \n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.2.3.5 is AIX 7200-03-05.\n\n Please reference the Affected Products and Version section above\n for help with checking installed fileset levels.\n\n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n 3.1.0.20 IJ26986s1a.200813.epkg.Z key_w_fix\n 3.1.0.21 IJ26986s1a.200813.epkg.Z key_w_fix\n 3.1.0.30 IJ26986s1a.200813.epkg.Z key_w_fix\n 3.1.0.40 IJ26986s1a.200813.epkg.Z key_w_fix\n| 3.1.0.50 IJ26986s1a.200813.epkg.Z key_w_fix\n 3.1.1.0 IJ26985s1a.200812.epkg.Z key_w_fix\n 3.1.1.10 IJ26985s1a.200812.epkg.Z key_w_fix\n 3.1.1.20 IJ26985s1a.200812.epkg.Z key_w_fix\n 3.1.1.21 IJ26985s1a.200812.epkg.Z key_w_fix\n 3.1.1.22 IJ26985s1a.200812.epkg.Z key_w_fix\n 3.1.1.25 IJ26985s1a.200812.epkg.Z key_w_fix\n| 3.1.1.30 IJ26985s1a.200812.epkg.Z key_w_fix\n| 3.1.2.0 IJ26985s1a.200812.epkg.Z key_w_fix\n| 3.1.2.10 IJ26985s1a.200812.epkg.Z key_w_fix\n\n To extract the fixes from the tar file:\n\n tar xvf perl_fix5.tar\n cd perl_fix5\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 [filename]\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 389f7f4c299a6236394da168b2c2d6316db2fdc36a1c8ddc69aa3b3053ca2526 IJ26985s1a.200812.epkg.Z key_w_csum\n e45b0ed34077f3432d5fca86d23a94b79ed34bf544e45ec4ccf83e7d6d0a4b14 IJ26986s1a.200813.epkg.Z key_w_csum\n\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy. \n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/perl_advisory5.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/perl_advisory5.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/perl_advisory5.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n If possible, it is recommended that a mksysb backup of the system \n be created. Verify it is both bootable and readable before\n proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n ftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n IBM Secure Engineering Web Portal\n http://www.ibm.com/security/secure-engineering/bulletins.html\n\n IBM Product Security Incident Response Blog\n https://www.ibm.com/blogs/psirt/\n\n Security Bulletin: Vulnerabilities in Perl affect AIX\n https://www.ibm.com/support/pages/node/6380428\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Wed Dec 9 16:36:39 CST 2020\n| Updated: Thu Mar 4 08:59:07 CST 2021\n| Update: iFixes now listed for AIX 7200-03-06, 7200-04-03, 7200-05-00, and\n| 7200-05-01. iFixes now listed for VIOS 3.1.0.50, 3.1.1.30, 3.1.2.0, \n| and 3.1.2.10.\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n", "edition": 3, "modified": "2021-03-04T08:59:07", "published": "2020-12-09T16:36:39", "id": "PERL_ADVISORY5.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/perl_advisory5.asc", "title": "There are vulnerabilities in Perl that affect AIX.", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2020-11-09T04:21:08", "bulletinFamily": "bugbounty", "bounty": 1000.0, "cvelist": ["CVE-2020-10543"], "description": "CVE ID: CVE-2020-10543\nSee:\n + https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod\n + https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod\n\n## Impact\n\nPotential RCE", "modified": "2020-11-09T03:27:46", "published": "2020-06-01T23:58:45", "id": "H1:888986", "href": "https://hackerone.com/reports/888986", "type": "hackerone", "title": "Perl (IBB): [CVE-2020-10543] Buffer overflow caused by a crafted regular expression", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-02-18T05:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12723"], "description": "[4:5.26.3-417]\n- Fix CVE-2020-12723 (bug #1909860)\n- Fix Time-Local tests to pass after year 2019 (bug #1807120)", "edition": 1, "modified": "2021-02-18T00:00:00", "published": "2021-02-18T00:00:00", "id": "ELSA-2021-0557", "href": "http://linux.oracle.com/errata/ELSA-2021-0557.html", "title": "perl security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oracle": [{"lastseen": "2021-02-27T21:41:27", "bulletinFamily": "software", "cvelist": ["CVE-2012-2098", "CVE-2015-4000", "CVE-2015-8965", "CVE-2016-1000031", "CVE-2016-5725", "CVE-2017-12626", "CVE-2017-5611", "CVE-2017-5645", "CVE-2017-8028", "CVE-2018-0732", "CVE-2018-10237", "CVE-2018-11775", "CVE-2018-1258", "CVE-2018-1285", "CVE-2018-15756", "CVE-2018-20781", "CVE-2018-2587", "CVE-2018-7318", "CVE-2018-8032", "CVE-2018-9019", "CVE-2019-0188", "CVE-2019-0227", "CVE-2019-0230", "CVE-2019-0233", "CVE-2019-10086", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11135", "CVE-2019-11269", "CVE-2019-11358", "CVE-2019-12399", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-13990", "CVE-2019-14862", "CVE-2019-1551", "CVE-2019-1559", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17563", "CVE-2019-17566", "CVE-2019-17569", "CVE-2019-20892", "CVE-2019-20907", "CVE-2019-2697", "CVE-2019-3773", "CVE-2019-3778", "CVE-2019-5427", "CVE-2019-7164", "CVE-2019-7548", "CVE-2019-9511", "CVE-2019-9513", "CVE-2020-10531", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10725", "CVE-2020-10726", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11612", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11979", "CVE-2020-11984", "CVE-2020-11985", "CVE-2020-11993", "CVE-2020-11994", "CVE-2020-11996", "CVE-2020-11998", "CVE-2020-12723", "CVE-2020-13254", "CVE-2020-13596", "CVE-2020-13871", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13954", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14147", "CVE-2020-14195", "CVE-2020-14422", "CVE-2020-14750", "CVE-2020-14756", "CVE-2020-14803", "CVE-2020-15025", "CVE-2020-15358", "CVE-2020-17498", "CVE-2020-17521", "CVE-2020-17530", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1945", "CVE-2020-1967", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24583", "CVE-2020-24584", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-25020", "CVE-2020-2555", "CVE-2020-25862", "CVE-2020-25863", "CVE-2020-25866", "CVE-2020-26575", "CVE-2020-27216", "CVE-2020-35460", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-5421", "CVE-2020-7064", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8265", "CVE-2020-8277", "CVE-2020-8287", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2021-1993", "CVE-2021-1994", "CVE-2021-1995", "CVE-2021-1996", "CVE-2021-1997", "CVE-2021-1998", "CVE-2021-1999", "CVE-2021-2000", "CVE-2021-2001", "CVE-2021-2002", "CVE-2021-2003", "CVE-2021-2004", "CVE-2021-2005", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2013", "CVE-2021-2014", "CVE-2021-2015", "CVE-2021-2016", "CVE-2021-2017", "CVE-2021-2018", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2023", "CVE-2021-2024", "CVE-2021-2025", "CVE-2021-2026", "CVE-2021-2027", "CVE-2021-2028", "CVE-2021-2029", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2033", "CVE-2021-2034", "CVE-2021-2035", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2039", "CVE-2021-2040", "CVE-2021-2041", "CVE-2021-2042", "CVE-2021-2043", "CVE-2021-2044", "CVE-2021-2045", "CVE-2021-2046", "CVE-2021-2047", "CVE-2021-2048", "CVE-2021-2049", "CVE-2021-2050", "CVE-2021-2051", "CVE-2021-2052", "CVE-2021-2054", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2057", "CVE-2021-2058", "CVE-2021-2059", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2062", "CVE-2021-2063", "CVE-2021-2064", "CVE-2021-2065", "CVE-2021-2066", "CVE-2021-2067", "CVE-2021-2068", "CVE-2021-2069", "CVE-2021-2070", "CVE-2021-2071", "CVE-2021-2072", "CVE-2021-2073", "CVE-2021-2074", "CVE-2021-2075", "CVE-2021-2076", "CVE-2021-2077", "CVE-2021-2078", "CVE-2021-2079", "CVE-2021-2080", "CVE-2021-2081", "CVE-2021-2082", "CVE-2021-2083", "CVE-2021-2084", "CVE-2021-2085", "CVE-2021-2086", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2089", "CVE-2021-2090", "CVE-2021-2091", "CVE-2021-2092", "CVE-2021-2093", "CVE-2021-2094", "CVE-2021-2096", "CVE-2021-2097", "CVE-2021-2098", "CVE-2021-2099", "CVE-2021-2100", "CVE-2021-2101", "CVE-2021-2102", "CVE-2021-2103", "CVE-2021-2104", "CVE-2021-2105", "CVE-2021-2106", "CVE-2021-2107", "CVE-2021-2108", "CVE-2021-2109", "CVE-2021-2110", "CVE-2021-2111", "CVE-2021-2112", "CVE-2021-2113", "CVE-2021-2114", "CVE-2021-2115", "CVE-2021-2116", "CVE-2021-2117", "CVE-2021-2118", "CVE-2021-2119", "CVE-2021-2120", "CVE-2021-2121", "CVE-2021-2122", "CVE-2021-2123", "CVE-2021-2124", "CVE-2021-2125", "CVE-2021-2126", "CVE-2021-2127", "CVE-2021-2128", "CVE-2021-2129", "CVE-2021-2130", "CVE-2021-2131"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 329 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2739494.1>).\n\n**Please note that since the release of the October 2020 Critical Patch Update, Oracle has released a Security Alert for Oracle WebLogic Server: [CVE-2020-14750 (November 1, 2020)](<https://www.oracle.com/security-alerts/alert-cve-2020-14750.html>). Customers are strongly advised to apply this Critical Patch Update, which includes patches for this Alert as well as additional patches.**\n", "modified": "2021-02-22T00:00:00", "published": "2021-01-19T00:00:00", "id": "ORACLE:CPUJAN2021", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2021", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T15:41:14", "bulletinFamily": "software", "cvelist": ["CVE-2013-7285", "CVE-2015-1832", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2016-10244", "CVE-2016-10328", "CVE-2016-2167", "CVE-2016-2168", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3189", "CVE-2016-4800", "CVE-2016-5000", "CVE-2016-5300", "CVE-2016-5725", "CVE-2016-6153", "CVE-2016-6306", "CVE-2016-8610", "CVE-2016-8734", "CVE-2017-10989", "CVE-2017-12626", "CVE-2017-13098", "CVE-2017-13685", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-15095", "CVE-2017-15286", "CVE-2017-17485", "CVE-2017-3164", "CVE-2017-5644", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-7525", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9096", "CVE-2017-9735", "CVE-2017-9800", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-14718", "CVE-2018-15769", "CVE-2018-17196", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-2765", "CVE-2018-3693", "CVE-2018-5382", "CVE-2018-5968", "CVE-2018-6942", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8088", "CVE-2018-8740", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0192", "CVE-2019-0201", "CVE-2019-10072", "CVE-2019-10097", "CVE-2019-1010239", "CVE-2019-10173", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11048", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11834", "CVE-2019-11835", "CVE-2019-11922", "CVE-2019-12086", "CVE-2019-12260", "CVE-2019-12261", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12900", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14540", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17495", "CVE-2019-17531", "CVE-2019-17543", "CVE-2019-17558", "CVE-2019-17569", "CVE-2019-17632", "CVE-2019-17638", "CVE-2019-18348", "CVE-2019-20330", "CVE-2019-2897", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5018", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-10108", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11984", "CVE-2020-11993", "CVE-2020-11996", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-14672", "CVE-2020-14731", "CVE-2020-14732", "CVE-2020-14734", "CVE-2020-14735", "CVE-2020-14736", "CVE-2020-14740", "CVE-2020-14741", "CVE-2020-14742", "CVE-2020-14743", "CVE-2020-14744", "CVE-2020-14745", "CVE-2020-14746", "CVE-2020-14752", "CVE-2020-14753", "CVE-2020-14754", "CVE-2020-14757", "CVE-2020-14758", "CVE-2020-14759", "CVE-2020-14760", "CVE-2020-14761", "CVE-2020-14762", "CVE-2020-14763", "CVE-2020-14764", "CVE-2020-14765", "CVE-2020-14766", "CVE-2020-14767", "CVE-2020-14768", "CVE-2020-14769", "CVE-2020-14770", "CVE-2020-14771", "CVE-2020-14772", "CVE-2020-14773", "CVE-2020-14774", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14778", "CVE-2020-14779", "CVE-2020-14780", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14783", "CVE-2020-14784", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14787", "CVE-2020-14788", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14792", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14795", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14801", "CVE-2020-14802", "CVE-2020-14803", "CVE-2020-14804", "CVE-2020-14805", "CVE-2020-14806", "CVE-2020-14807", "CVE-2020-14808", "CVE-2020-14809", "CVE-2020-14810", "CVE-2020-14811", "CVE-2020-14812", "CVE-2020-14813", "CVE-2020-14814", "CVE-2020-14815", "CVE-2020-14816", "CVE-2020-14817", "CVE-2020-14818", "CVE-2020-14819", "CVE-2020-14820", "CVE-2020-14821", "CVE-2020-14822", "CVE-2020-14823", "CVE-2020-14824", "CVE-2020-14825", "CVE-2020-14826", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14831", "CVE-2020-14832", "CVE-2020-14833", "CVE-2020-14834", "CVE-2020-14835", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14840", "CVE-2020-14841", "CVE-2020-14842", "CVE-2020-14843", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14847", "CVE-2020-14848", "CVE-2020-14849", "CVE-2020-14850", "CVE-2020-14851", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14854", "CVE-2020-14855", "CVE-2020-14856", "CVE-2020-14857", "CVE-2020-14858", "CVE-2020-14859", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14862", "CVE-2020-14863", "CVE-2020-14864", "CVE-2020-14865", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14871", "CVE-2020-14872", "CVE-2020-14873", "CVE-2020-14875", "CVE-2020-14876", "CVE-2020-14877", "CVE-2020-14878", "CVE-2020-14879", "CVE-2020-14880", "CVE-2020-14881", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-14884", "CVE-2020-14885", "CVE-2020-14886", "CVE-2020-14887", "CVE-2020-14888", "CVE-2020-14889", "CVE-2020-14890", "CVE-2020-14891", "CVE-2020-14892", "CVE-2020-14893", "CVE-2020-14894", "CVE-2020-14895", "CVE-2020-14896", "CVE-2020-14897", "CVE-2020-14898", "CVE-2020-14899", "CVE-2020-14900", "CVE-2020-14901", "CVE-2020-15358", "CVE-2020-15389", "CVE-2020-1730", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1953", "CVE-2020-1954", "CVE-2020-1967", "CVE-2020-2555", "CVE-2020-3235", "CVE-2020-3909", "CVE-2020-4051", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-7067", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8840", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9409", "CVE-2020-9410", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9489", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n \nStarting with the October 2020 Critical Patch Update, Oracle lists updates that address vulnerabilities in third-party components which are not exploitable in the context of their inclusion in their respective Oracle product beneath the product's risk matrix. Oracle has published two versions of the October 2020 Critical Patch Update Advisory: this version of the advisory implemented the change in how non-exploitable vulnerabilities in third-party components are reported, and the \u201ctraditional\u201d advisory follows the same format as the previous advisories. The \u201ctraditional\u201d advisory is published at <https://www.oracle.com/security-alerts/cpuoct2020traditional.html>. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 403 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2712240.1>).\n", "modified": "2020-12-08T00:00:00", "published": "2020-10-20T00:00:00", "id": "ORACLE:CPUOCT2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}