[SECURITY] [DSA 5816-1] libmodule-scandeps-perl security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-5816-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 19, 2024                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libmodule-scandeps-perl
CVE ID         : CVE-2024-10224

The Qualys Threat Research Unit discovered that libmodule-scandeps-perl,
a Perl module to recursively scan Perl code for dependencies, allows an
attacker to execute arbitrary shell commands via specially crafted file
names.

Details can be found in the Qualys advisory at
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

For the stable distribution (bookworm), this problem has been fixed in
version 1.31-2+deb12u1.

We recommend that you upgrade your libmodule-scandeps-perl packages.

For the detailed security status of libmodule-scandeps-perl please refer
to its security tracker page at:
https://security-tracker.debian.org/tracker/libmodule-scandeps-perl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org