As BSI experiences, an IT safety warning a couple of recognized Perl vulnerability has acquired an replace. You can learn the way affected customers ought to behave right here.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Red Hat Security Advisory RHSA-2024:3094 (From 22 May 2024). Some helpful sources are listed later on this article.
Perl safety warning – danger: medium
Risk stage: 3 (average)
CVSS Base Score: 7.3
CVSS provisional rating: 6,4
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop techniques. The CVSS commonplace makes it attainable to check potential or precise safety dangers primarily based on varied standards to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For short-term impact, body situations which will change over time are thought-about within the check. The danger of the vulnerability talked about right here is assessed as “average” in accordance with the CVSS with a base rating of seven.3.
Perl Bug: Vulnerability permits safety measures to be bypassed
Perl is a free, impartial and interpreted programming language (scripting language).
An attacker can exploit a vulnerability in Perl to bypass safety measures.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2023-31484 on the market.
About Perl safety vulnerabilities at a look
Products
IBM VIOS 3.1 (cpe:/a:ibm:vios)
IBM AIX 7.2 (cpe:/o:ibm:aix)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Open Source Perl CPAN.pm IBM AIX 7.3 (cpe:/o:ibm:aix)
General suggestions for coping with IT vulnerabilities
- Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually incorporates further details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to recurrently examine the desired sources to see if a brand new safety replace is obtainable.
Manufacturer details about updates, patches and workarounds
Here you will see that some hyperlinks with details about bug experiences, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3094 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2023:6539 vom 2023-11-07 (07.11.2023)
For extra info, see:
IBM Security Bulletin 7047272 vom 2023-10-05 (05.10.2023)
For extra info, see:
Ubuntu Security Notice USN-6112-1 vom 2023-09-06 (05.09.2023)
For extra info, see:
Ubuntu Security Notice USN-6112-2 vom 2023-08-02 (02.08.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:2923-1 vom 2023-07-22 (23.07.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:2881-1 vom 2023-07-22 (23.07.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:2882-1 vom 2023-07-22 (23.07.2023)
For extra info, see:
Fedora Security Advisory FEDORA-2023-46924E402A vom 2023-06-30 (29.06.2023)
For extra info, see:
Fedora Security Advisory FEDORA-2023-1E5AF38524 vom 2023-06-30 (29.06.2023)
For extra info, see:
Red Hat Bugzilla – Bug 2218667 from 2023-06-29 (29.06.2023)
For extra info, see:
Version historical past of this safety alert
This is model 7 of this Perl IT safety discover. This doc shall be up to date as extra updates are introduced. You can see the modifications made utilizing the model historical past under.
June 29, 2023 – First model
July 23, 2023 – New updates from SUSE added
08/02/2023 – Added new persona updates
September 5, 2023 – Added new persona updates
October 5, 2023 – New updates from IBM added
11/07/2023 – New updates from Red Hat added
May 21, 2024 – New updates from Red Hat added
+++ Editorial observe: This doc relies on present BSI information and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial crew.
kns/roj/information.de