Headline
Debian Security Advisory 5816-1
Debian Linux Security Advisory 5816-1 - The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5816-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
November 19, 2024 https://www.debian.org/security/faq
Package : libmodule-scandeps-perl
CVE ID : CVE-2024-10224
The Qualys Threat Research Unit discovered that libmodule-scandeps-perl,
a Perl module to recursively scan Perl code for dependencies, allows an
attacker to execute arbitrary shell commands via specially crafted file
names.
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
For the stable distribution (bookworm), this problem has been fixed in
version 1.31-2+deb12u1.
We recommend that you upgrade your libmodule-scandeps-perl packages.
For the detailed security status of libmodule-scandeps-perl please refer
to its security tracker page at:
https://security-tracker.debian.org/tracker/libmodule-scandeps-perl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Related news
About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) used in Ubuntu Server, starting with version 21.04. The needrestart utility runs automatically after APT operations (installing, updating, or removing packages). It checks if […]
Ubuntu Security Notice 7117-2 - USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem. Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root.
Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user.
Ubuntu Security Notice 7117-1 - Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands.