The safety warning issued for Perl has acquired an replace from BSI. You can learn how affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) revealed an replace on May 22, 2024 for a safety gap with a Perl vulnerability recognized on April 15, 2018. The safety vulnerability impacts the Linux working system and the merchandise Red Hat Enterprise Linux, Ubuntu Linux, Open Source Perl, SUSE Linux and Debian Linux.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: SUSE Security Update SUSE-SU-2024:1762-1 (From 22 May 2024). Some helpful sources are listed later on this article.
Multiple Perl Vulnerabilities – Risk: reasonable
Risk stage: 3 (reasonable)
CVSS Base Score: 6.5
CVSS provisional rating: 5,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop programs. The CVSS normal makes it potential to check potential or precise safety dangers primarily based on varied standards to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For momentary impact, body circumstances which will change over time are thought of within the check. According to CVSS, the chance of the vulnerability talked about right here is rated as “reasonable” with 6.5 foundation factors.
Perl Bug: The penalties of an IT assault
Perl is a free, unbiased and interpreted programming language (the scripting language of the Debian Linux distribution that incorporates solely free software program).
An area attacker can exploit a number of vulnerabilities in Perl to carry out a denial of service assault.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2018-6797, CVE-2018-6798 and CVE-2018-6913 on the market.
Systems affected by the Perl vulnerability at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
Open Source Perl (cpe:/a:perl:perl)
SUSE Linux (cpe:/o:use:suse_linux)
Debian Linux Stretch (9.0) Debian Linux Jessie (8.0)
Common steps to deal with IT safety gaps
- Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically incorporates further details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently test the required sources to see if a brand new safety replace is accessible.
Manufacturer details about updates, patches and workarounds
Here you can see some hyperlinks with details about bug reviews, safety fixes and workarounds.
SUSE Security Update SUSE-SU-2024:1762-1 vom 2024-05-22 (22.05.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:1630-1 vom 2024-05-14 (13.05.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2018:2447-1 vom 2018-08-20 (20.08.2018)
For extra data, see:
SUSE Security Update SUSE-SU-2018:1972-1 vom 2018-07-18 (17.07.2018)
For extra data, see:
SUSE Security Update SUSE-SU-2018:1074-1 vom 2018-04-25 (25.04.2018)
For extra data, see:
Red Hat Security Advisory RHSA-2018:1192 vom 2018-04-23 (23.04.2018)
For extra data, see:
SUSE Security Update SUSE-SU-2018:0976-1 vom 2018-04-18 (18.04.2018)
For extra data, see:
Ubuntu Security Notice USN-3625-1 vom 2018-04-17 (16.04.2018)
For extra data, see:
Debian Security Advisory DSA-4172 vom 2018-04-15 (15.04.2018)
For extra data, see:
Version historical past of this safety alert
This is model 12 of this Perl IT safety advisory. This doc might be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past beneath.
15.04.2018 – Original Release
April 15, 2018 – Version not obtainable
16.04.2018 – A brand new repair is āāobtainable
April 16, 2018 – Version not obtainable
17.04.2018 – Additional references
23.04.2018 – A brand new repair is āāobtainable
25.04.2018 – A brand new repair is āāobtainable
17.07.2018 – A brand new repair is āāobtainable
20.08.2018 – A brand new repair is āāobtainable
09/08/2019 – References added: GLSA201909-01
May 13, 2024 – New updates from SUSE added
May 22, 2024 – New updates from SUSE added
+++ Editorial word: This doc relies on present BSI knowledge and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you can see scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de