NS-SA-2021-0184
2021-09-24 11:25:36
Synopsis
moderate: targetcli/perl security update
Severity
moderate
Topic
An update for targetcli/perl is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
targetcli: An administration shell for configuring iSCSI, FCoE, and other SCSI targets, using the TCM/LIO kernel target subsystem. FCoE users will also need to install and use fcoe-utils.
perl: This package contains header files and development modules. Most perl packages will need to install perl-devel to build.
Security Fix(es):
targetcli: An access flaw was found in targetcli, where `/etc/target` and the backup directory and files beneath it were world-readable. This flaw allows a local attacker to access potentially sensitive information, such as authentication credentials, from `/etc/target/saveconfig.json` and the backup files. The highest threat from this vulnerability is to confidentiality. (CVE-2020-13867)
targetcli: bugfix
perl: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)
perl: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)
perl: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723)
perl: bugfix
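To check a host for the exposure described under CVE-2020-13867, the following added example (not part of the advisory or of targetcli itself) lists every entry at or below `/etc/target` that grants any permission to "other". The function names `world_accessible` and `restrict` are assumptions made for this example; the default path comes from the advisory.

```python
import os
import stat
import sys

# Permission bits granted to users who are neither owner nor group member.
OTHER_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH  # 0o007


def world_accessible(root):
    """Return sorted (path, mode) pairs at or below root with any 'other' bit set."""
    candidates = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        candidates.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in candidates:
        try:
            st = os.lstat(path)
        except OSError:
            continue  # entry vanished or is unreadable; nothing to report
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits do not control access
        mode = stat.S_IMODE(st.st_mode)
        if mode & OTHER_BITS:
            findings.append((path, mode))
    return sorted(findings)


def restrict(findings):
    """Clear the 'other' bits on each reported path, leaving owner/group bits as-is."""
    for path, mode in findings:
        os.chmod(path, mode & ~OTHER_BITS)


if __name__ == "__main__":
    # Default path taken from the advisory; pass another root as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc/target"
    found = world_accessible(root)
    for path, mode in found:
        print(f"{mode:04o} {path}")
    sys.exit(1 if found else 0)  # non-zero exit when anything is exposed
```

A non-zero exit status makes the script usable as a compliance check after the update is applied; files that were readable before the fix should also be treated as disclosed, so credentials stored in them are candidates for rotation.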
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F12B2.
Affected Components
Affected Products
- CGSL MAIN 5.05
- CGSL CORE 5.05
Updated Packages
CGSL MAIN 5.05
- Source: targetcli-2.1.53-1.el7_9.src.rpm
  - targetcli-2.1.53-1.el7_9.noarch.rpm
- Source: perl-5.16.3-299.el7_9.src.rpm
  - perl-devel-5.16.3-299.el7_9.x86_64.rpm
  - perl-Module-Loaded-0.08-299.el7_9.noarch.rpm
  - perl-CPAN-1.9800-299.el7_9.noarch.rpm
  - perl-macros-5.16.3-299.el7_9.x86_64.rpm
  - perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm
  - perl-tests-5.16.3-299.el7_9.x86_64.rpm
  - perl-Package-Constants-0.02-299.el7_9.noarch.rpm
  - perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm
  - perl-core-5.16.3-299.el7_9.x86_64.rpm
  - perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm
  - perl-5.16.3-299.el7_9.x86_64.rpm
  - perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm
  - perl-IO-Zlib-1.10-299.el7_9.noarch.rpm
  - perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm
  - perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm
  - perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm
  - perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
  - perl-libs-5.16.3-299.el7_9.x86_64.rpm
  - perl-Object-Accessor-0.42-299.el7_9.noarch.rpm
CGSL CORE 5.05
- Source: targetcli-2.1.53-1.el7_9.src.rpm
  - targetcli-2.1.53-1.el7_9.noarch.rpm
- Source: perl-5.16.3-299.el7_9.src.rpm
  - perl-devel-5.16.3-299.el7_9.x86_64.rpm
  - perl-Module-Loaded-0.08-299.el7_9.noarch.rpm
  - perl-CPAN-1.9800-299.el7_9.noarch.rpm
  - perl-macros-5.16.3-299.el7_9.x86_64.rpm
  - perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm
  - perl-tests-5.16.3-299.el7_9.x86_64.rpm
  - perl-Package-Constants-0.02-299.el7_9.noarch.rpm
  - perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm
  - perl-core-5.16.3-299.el7_9.x86_64.rpm
  - perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm
  - perl-5.16.3-299.el7_9.x86_64.rpm
  - perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm
  - perl-IO-Zlib-1.10-299.el7_9.noarch.rpm
  - perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm
  - perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm
  - perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm
  - perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
  - perl-libs-5.16.3-299.el7_9.x86_64.rpm
  - perl-Object-Accessor-0.42-299.el7_9.noarch.rpm
CVE
References