ID de Prueba:	1.3.6.1.4.1.25623.1.0.72095
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:008 (perl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to perl announced via advisory MDVSA-2012:008. Multiple vulnerabilities has been found and corrected in perl: Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow (CVE-2011-2939). Eval injection in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor (CVE-2011-3597). The updated packages have been patched to correct these issues. Affected: 2010.1, 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:008 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2939 46172 http://secunia.com/advisories/46172 46989 http://secunia.com/advisories/46989 49858 http://www.securityfocus.com/bid/49858 51457 http://secunia.com/advisories/51457 55314 http://secunia.com/advisories/55314 MDVSA-2012:008 http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 RHSA-2011:1424 http://www.redhat.com/support/errata/RHSA-2011-1424.html USN-1643-1 http://www.ubuntu.com/usn/USN-1643-1 [oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string http://www.openwall.com/lists/oss-security/2011/08/18/8 [oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string http://www.openwall.com/lists/oss-security/2011/08/19/17 http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5 http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29 https://bugzilla.redhat.com/show_bug.cgi?id=731246 Common Vulnerability Exposure (CVE) ID: CVE-2011-3597 46279 http://secunia.com/advisories/46279 49911 http://www.securityfocus.com/bid/49911 MDVSA-2012:009 http://www.mandriva.com/security/advisories?name=MDVSA-2012:009 RHSA-2011:1797 http://www.redhat.com/support/errata/RHSA-2011-1797.html http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 https://bugzilla.redhat.com/show_bug.cgi?id=743010 oval:org.mitre.oval:def:19446 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.