Headline
Ubuntu Security Notice USN-5689-2
Ubuntu Security Notice 5689-2 - USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification.
==========================================================================
Ubuntu Security Notice USN-5689-2
November 28, 2022
perl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
Summary:
Perl could be made to by pass signature verification.
Software Description:
- perl: Practical Extraction and Report Language
Details:
USN-5689-1 fixed a vulnerability in Perl.
This update provides the corresponding update for Ubuntu 22.10.
Original advisory details:
It was discovered that Perl incorrectly handled certain signature verification.
An remote attacker could possibly use this issue to bypass signature verification.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
perl 5.34.0-5ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5689-2
https://ubuntu.com/security/notices/USN-5689-1
CVE-2020-16156
Package Information:
https://launchpad.net/ubuntu/+source/perl/5.34.0-5ubuntu1.1
Related news
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]