Security Advisory Details

NS-SA-2021-0134

2021-09-24 00:32:48

Synopsis

moderate: microcode_ctl/perl security update

Severity

moderate

Topic

An update for microcode_ctl/perl is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

microcode_ctl: This package provides microcode update files for Intel x86 and x86_64 CPUs. The microcode update is volatile and needs to be uploaded on each system boot i.e. it isn't stored on a CPU permanently; reboot and it reverts back to the old microcode. Package name "microcode_ctl" is historical, as the binary with the same name is no longer used for microcode upload and, as a result, no longer provided.
perl: This package provides debug information for package perl-libs. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
microcode_ctl: A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state. (CVE-2020-8696)
microcode_ctl: bugfix
perl: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)
perl: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)
perl: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.70B3.

Affected Components

  • microcode_ctl
  • perl

Affected Products

  • CGSL MAIN 6.02

Updated Packages

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["microcode_ctl-20200609-2.20210216.1.el8_3.x86_64.rpm"],"source":"microcode_ctl-20200609-2.20210216.1.el8_3.src.rpm"},{"binary":["perl-libs-debuginfo-5.26.3-419.el8.x86_64.rpm","perl-Devel-Peek-debuginfo-1.26-419.el8.x86_64.rpm","perl-debuginfo-5.26.3-419.el8.x86_64.rpm","perl-macros-5.26.3-419.el8.x86_64.rpm","perl-debugsource-5.26.3-419.el8.x86_64.rpm","perl-interpreter-debuginfo-5.26.3-419.el8.x86_64.rpm","perl-Math-Complex-1.59-419.el8.noarch.rpm","perl-libs-5.26.3-419.el8.x86_64.rpm","perl-Errno-1.28-419.el8.x86_64.rpm","perl-interpreter-5.26.3-419.el8.x86_64.rpm","perl-IO-debuginfo-1.38-419.el8.x86_64.rpm","perl-IO-1.38-419.el8.x86_64.rpm","perl-Time-Piece-debuginfo-1.31-419.el8.x86_64.rpm","perl-Attribute-Handlers-0.99-419.el8.noarch.rpm","perl-ExtUtils-Embed-1.34-419.el8.noarch.rpm","perl-devel-5.26.3-419.el8.x86_64.rpm","perl-Pod-Html-1.22.02-419.el8.noarch.rpm","perl-SelfLoader-1.23-419.el8.noarch.rpm","perl-5.26.3-419.el8.x86_64.rpm","perl-ExtUtils-Miniperl-1.06-419.el8.noarch.rpm","perl-Test-1.30-419.el8.noarch.rpm","perl-Module-Loaded-0.08-419.el8.noarch.rpm","perl-Memoize-1.03-419.el8.noarch.rpm","perl-Devel-Peek-1.26-419.el8.x86_64.rpm","perl-Time-Piece-1.31-419.el8.x86_64.rpm","perl-open-1.11-419.el8.noarch.rpm","perl-utils-5.26.3-419.el8.noarch.rpm","perl-Net-Ping-2.55-419.el8.noarch.rpm","perl-Locale-Maketext-Simple-0.21-419.el8.noarch.rpm","perl-tests-5.26.3-419.el8.x86_64.rpm","perl-IO-Zlib-1.10-419.el8.noarch.rpm","perl-libnetcfg-5.26.3-419.el8.noarch.rpm","perl-Devel-SelfStubber-1.06-419.el8.noarch.rpm"],"source":"perl-5.26.3-419.el8.src.rpm"}]}]}

CVE

References