安全公告详情

NS-SA-2025-0045

2025-03-07 15:38:29

简介

moderate: vorbis-tools/perl security update

严重级别

moderate

主题

An update for vorbis-tools/perl is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

vorbis-tools:
perl:


Security Fix(es):
vorbis-tools: A buffer overflow vulnerability was found in vorbis-tools. This flaw allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of WAV files to OGG files.(CVE-2023-43361)
vorbis-tools: bugfix
perl: A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to `verify_SSL` missing when suing the `HTTP::Tiny` library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing confidentiality or integrity issues.(CVE-2023-31484)
perl: A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.(CVE-2023-31486)
perl: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.01B6.

影响组件

  • vorbis-tools
  • perl

影响产品

  • CGSL MAIN 7.02

更新包

{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["vorbis-tools-1.4.2-3.zncgsl7.1.x86_64.rpm"],"source":"vorbis-tools-1.4.2-3.zncgsl7.1.src.rpm"},{"binary":["perl-5.36.3-15.zncgsl7.3.x86_64.rpm","perl-Attribute-Handlers-1.02-15.zncgsl7.3.noarch.rpm","perl-AutoLoader-5.74-15.zncgsl7.3.noarch.rpm","perl-AutoSplit-5.74-15.zncgsl7.3.noarch.rpm","perl-autouse-1.11-15.zncgsl7.3.noarch.rpm","perl-base-2.27-15.zncgsl7.3.noarch.rpm","perl-Benchmark-1.23-15.zncgsl7.3.noarch.rpm","perl-blib-1.07-15.zncgsl7.3.noarch.rpm","perl-B-1.83-15.zncgsl7.3.x86_64.rpm","perl-Class-Struct-0.66-15.zncgsl7.3.noarch.rpm","perl-Config-Extensions-0.03-15.zncgsl7.3.noarch.rpm","perl-DBM_Filter-0.06-15.zncgsl7.3.noarch.rpm","perl-debugger-1.60-15.zncgsl7.3.noarch.rpm","perl-deprecate-0.04-15.zncgsl7.3.noarch.rpm","perl-devel-5.36.3-15.zncgsl7.3.x86_64.rpm","perl-Devel-Peek-1.32-15.zncgsl7.3.x86_64.rpm","perl-Devel-SelfStubber-1.06-15.zncgsl7.3.noarch.rpm","perl-diagnostics-1.39-15.zncgsl7.3.noarch.rpm","perl-DirHandle-1.05-15.zncgsl7.3.noarch.rpm","perl-doc-5.36.3-15.zncgsl7.3.noarch.rpm","perl-Dumpvalue-2.27-15.zncgsl7.3.noarch.rpm","perl-DynaLoader-1.52-15.zncgsl7.3.x86_64.rpm","perl-encoding-warnings-0.13-15.zncgsl7.3.noarch.rpm","perl-English-1.11-15.zncgsl7.3.noarch.rpm","perl-Errno-1.36-15.zncgsl7.3.x86_64.rpm","perl-ExtUtils-Constant-0.25-15.zncgsl7.3.noarch.rpm","perl-ExtUtils-Embed-1.35-15.zncgsl7.3.noarch.rpm","perl-ExtUtils-Miniperl-1.11-15.zncgsl7.3.noarch.rpm","perl-Fcntl-1.15-15.zncgsl7.3.x86_64.rpm","perl-fields-2.27-15.zncgsl7.3.noarch.rpm","perl-FileCache-1.10-15.zncgsl7.3.noarch.rpm","perl-FileHandle-2.03-15.zncgsl7.3.noarch.rpm","perl-filetest-1.03-15.zncgsl7.3.noarch.rpm","perl-File-Basename-2.85-15.zncgsl7.3.noarch.rpm","perl-File-Compare-1.100.700-15.zncgsl7.3.noarch.rpm","perl-File-Copy-2.39-15.zncgsl7.3.noarch.rpm","perl-File-DosGlob-1.12-15.zncgsl7.3.x86_64.rpm","perl-File-Find-1.40-15.zncgsl7.3.noarch.rpm","perl-File-stat-1.12-15.zncgsl7.3.noarch.rpm","perl-FindBin-1.53-15.zncgsl7.3.noarch.rpm","perl-GDBM_File-1.23-15.zncgsl7.3.x86_64.rpm","perl-Getopt-Std-1.13-15.zncgsl7.3.noarch.rpm","perl-Hash-Util-0.28-15.zncgsl7.3.x86_64.rpm","perl-Hash-Util-FieldHash-1.26-15.zncgsl7.3.x86_64.rpm","perl-I18N-Collate-1.02-15.zncgsl7.3.noarch.rpm","perl-I18N-Langinfo-0.21-15.zncgsl7.3.x86_64.rpm","perl-I18N-LangTags-0.45-15.zncgsl7.3.noarch.rpm","perl-if-0.61.000-15.zncgsl7.3.noarch.rpm","perl-interpreter-5.36.3-15.zncgsl7.3.x86_64.rpm","perl-IO-1.50-15.zncgsl7.3.x86_64.rpm","perl-IPC-Open3-1.22-15.zncgsl7.3.noarch.rpm","perl-less-0.03-15.zncgsl7.3.noarch.rpm","perl-libnetcfg-5.36.3-15.zncgsl7.3.noarch.rpm","perl-libs-5.36.3-15.zncgsl7.3.x86_64.rpm","perl-lib-0.65-15.zncgsl7.3.x86_64.rpm","perl-locale-1.10-15.zncgsl7.3.noarch.rpm","perl-Locale-Maketext-Simple-0.21-15.zncgsl7.3.noarch.rpm","perl-macros-5.36.3-15.zncgsl7.3.noarch.rpm","perl-Math-Complex-1.59-15.zncgsl7.3.noarch.rpm","perl-Memoize-1.03-15.zncgsl7.3.noarch.rpm","perl-meta-notation-5.36.3-15.zncgsl7.3.noarch.rpm","perl-Module-Loaded-0.08-15.zncgsl7.3.noarch.rpm","perl-mro-1.26-15.zncgsl7.3.x86_64.rpm","perl-NDBM_File-1.15-15.zncgsl7.3.x86_64.rpm","perl-Net-1.03-15.zncgsl7.3.noarch.rpm","perl-NEXT-0.69-15.zncgsl7.3.noarch.rpm","perl-ODBM_File-1.17-15.zncgsl7.3.x86_64.rpm","perl-Opcode-1.57-15.zncgsl7.3.x86_64.rpm","perl-open-1.13-15.zncgsl7.3.noarch.rpm","perl-overloading-0.02-15.zncgsl7.3.noarch.rpm","perl-overload-1.35-15.zncgsl7.3.noarch.rpm","perl-ph-5.36.3-15.zncgsl7.3.x86_64.rpm","perl-Pod-Functions-1.14-15.zncgsl7.3.noarch.rpm","perl-Pod-Html-1.33-15.zncgsl7.3.noarch.rpm","perl-POSIX-2.03-15.zncgsl7.3.x86_64.rpm","perl-Safe-2.43-15.zncgsl7.3.noarch.rpm","perl-Search-Dict-1.07-15.zncgsl7.3.noarch.rpm","perl-SelectSaver-1.02-15.zncgsl7.3.noarch.rpm","perl-SelfLoader-1.26-15.zncgsl7.3.noarch.rpm","perl-sigtrap-1.10-15.zncgsl7.3.noarch.rpm","perl-sort-2.05-15.zncgsl7.3.noarch.rpm","perl-subs-1.04-15.zncgsl7.3.noarch.rpm","perl-Symbol-1.09-15.zncgsl7.3.noarch.rpm","perl-Sys-Hostname-1.24-15.zncgsl7.3.x86_64.rpm","perl-Term-Complete-1.403-15.zncgsl7.3.noarch.rpm","perl-Term-ReadLine-1.17-15.zncgsl7.3.noarch.rpm","perl-Test-1.31-15.zncgsl7.3.noarch.rpm","perl-Text-Abbrev-1.02-15.zncgsl7.3.noarch.rpm","perl-Thread-3.05-15.zncgsl7.3.noarch.rpm","perl-Thread-Semaphore-2.13-15.zncgsl7.3.noarch.rpm","perl-Tie-4.6-15.zncgsl7.3.noarch.rpm","perl-Tie-File-1.06-15.zncgsl7.3.noarch.rpm","perl-Tie-Memoize-1.1-15.zncgsl7.3.noarch.rpm","perl-Time-1.03-15.zncgsl7.3.noarch.rpm","perl-Time-Piece-1.3401-15.zncgsl7.3.x86_64.rpm","perl-Unicode-UCD-0.78-15.zncgsl7.3.noarch.rpm","perl-User-pwent-1.03-15.zncgsl7.3.noarch.rpm","perl-utils-5.36.3-15.zncgsl7.3.noarch.rpm","perl-vars-1.05-15.zncgsl7.3.noarch.rpm","perl-vmsish-1.04-15.zncgsl7.3.noarch.rpm"],"source":"perl-5.36.3-15.zncgsl7.3.src.rpm"}]}]}
CGSL MAIN 7.02
  • vorbis-tools-1.4.2-3.zncgsl7.1.src.rpm
    • vorbis-tools-1.4.2-3.zncgsl7.1.x86_64.rpm
  • perl-5.36.3-15.zncgsl7.3.src.rpm
    • perl-5.36.3-15.zncgsl7.3.x86_64.rpm
    • perl-Attribute-Handlers-1.02-15.zncgsl7.3.noarch.rpm
    • perl-AutoLoader-5.74-15.zncgsl7.3.noarch.rpm
    • perl-AutoSplit-5.74-15.zncgsl7.3.noarch.rpm
    • perl-autouse-1.11-15.zncgsl7.3.noarch.rpm
    • perl-base-2.27-15.zncgsl7.3.noarch.rpm
    • perl-Benchmark-1.23-15.zncgsl7.3.noarch.rpm
    • perl-blib-1.07-15.zncgsl7.3.noarch.rpm
    • perl-B-1.83-15.zncgsl7.3.x86_64.rpm
    • perl-Class-Struct-0.66-15.zncgsl7.3.noarch.rpm
    • perl-Config-Extensions-0.03-15.zncgsl7.3.noarch.rpm
    • perl-DBM_Filter-0.06-15.zncgsl7.3.noarch.rpm
    • perl-debugger-1.60-15.zncgsl7.3.noarch.rpm
    • perl-deprecate-0.04-15.zncgsl7.3.noarch.rpm
    • perl-devel-5.36.3-15.zncgsl7.3.x86_64.rpm
    • perl-Devel-Peek-1.32-15.zncgsl7.3.x86_64.rpm
    • perl-Devel-SelfStubber-1.06-15.zncgsl7.3.noarch.rpm
    • perl-diagnostics-1.39-15.zncgsl7.3.noarch.rpm
    • perl-DirHandle-1.05-15.zncgsl7.3.noarch.rpm
    • perl-doc-5.36.3-15.zncgsl7.3.noarch.rpm
    • perl-Dumpvalue-2.27-15.zncgsl7.3.noarch.rpm
    • perl-DynaLoader-1.52-15.zncgsl7.3.x86_64.rpm
    • perl-encoding-warnings-0.13-15.zncgsl7.3.noarch.rpm
    • perl-English-1.11-15.zncgsl7.3.noarch.rpm
    • perl-Errno-1.36-15.zncgsl7.3.x86_64.rpm
    • perl-ExtUtils-Constant-0.25-15.zncgsl7.3.noarch.rpm
    • perl-ExtUtils-Embed-1.35-15.zncgsl7.3.noarch.rpm
    • perl-ExtUtils-Miniperl-1.11-15.zncgsl7.3.noarch.rpm
    • perl-Fcntl-1.15-15.zncgsl7.3.x86_64.rpm
    • perl-fields-2.27-15.zncgsl7.3.noarch.rpm
    • perl-FileCache-1.10-15.zncgsl7.3.noarch.rpm
    • perl-FileHandle-2.03-15.zncgsl7.3.noarch.rpm
    • perl-filetest-1.03-15.zncgsl7.3.noarch.rpm
    • perl-File-Basename-2.85-15.zncgsl7.3.noarch.rpm
    • perl-File-Compare-1.100.700-15.zncgsl7.3.noarch.rpm
    • perl-File-Copy-2.39-15.zncgsl7.3.noarch.rpm
    • perl-File-DosGlob-1.12-15.zncgsl7.3.x86_64.rpm
    • perl-File-Find-1.40-15.zncgsl7.3.noarch.rpm
    • perl-File-stat-1.12-15.zncgsl7.3.noarch.rpm
    • perl-FindBin-1.53-15.zncgsl7.3.noarch.rpm
    • perl-GDBM_File-1.23-15.zncgsl7.3.x86_64.rpm
    • perl-Getopt-Std-1.13-15.zncgsl7.3.noarch.rpm
    • perl-Hash-Util-0.28-15.zncgsl7.3.x86_64.rpm
    • perl-Hash-Util-FieldHash-1.26-15.zncgsl7.3.x86_64.rpm
    • perl-I18N-Collate-1.02-15.zncgsl7.3.noarch.rpm
    • perl-I18N-Langinfo-0.21-15.zncgsl7.3.x86_64.rpm
    • perl-I18N-LangTags-0.45-15.zncgsl7.3.noarch.rpm
    • perl-if-0.61.000-15.zncgsl7.3.noarch.rpm
    • perl-interpreter-5.36.3-15.zncgsl7.3.x86_64.rpm
    • perl-IO-1.50-15.zncgsl7.3.x86_64.rpm
    • perl-IPC-Open3-1.22-15.zncgsl7.3.noarch.rpm
    • perl-less-0.03-15.zncgsl7.3.noarch.rpm
    • perl-libnetcfg-5.36.3-15.zncgsl7.3.noarch.rpm
    • perl-libs-5.36.3-15.zncgsl7.3.x86_64.rpm
    • perl-lib-0.65-15.zncgsl7.3.x86_64.rpm
    • perl-locale-1.10-15.zncgsl7.3.noarch.rpm
    • perl-Locale-Maketext-Simple-0.21-15.zncgsl7.3.noarch.rpm
    • perl-macros-5.36.3-15.zncgsl7.3.noarch.rpm
    • perl-Math-Complex-1.59-15.zncgsl7.3.noarch.rpm
    • perl-Memoize-1.03-15.zncgsl7.3.noarch.rpm
    • perl-meta-notation-5.36.3-15.zncgsl7.3.noarch.rpm
    • perl-Module-Loaded-0.08-15.zncgsl7.3.noarch.rpm
    • perl-mro-1.26-15.zncgsl7.3.x86_64.rpm
    • perl-NDBM_File-1.15-15.zncgsl7.3.x86_64.rpm
    • perl-Net-1.03-15.zncgsl7.3.noarch.rpm
    • perl-NEXT-0.69-15.zncgsl7.3.noarch.rpm
    • perl-ODBM_File-1.17-15.zncgsl7.3.x86_64.rpm
    • perl-Opcode-1.57-15.zncgsl7.3.x86_64.rpm
    • perl-open-1.13-15.zncgsl7.3.noarch.rpm
    • perl-overloading-0.02-15.zncgsl7.3.noarch.rpm
    • perl-overload-1.35-15.zncgsl7.3.noarch.rpm
    • perl-ph-5.36.3-15.zncgsl7.3.x86_64.rpm
    • perl-Pod-Functions-1.14-15.zncgsl7.3.noarch.rpm
    • perl-Pod-Html-1.33-15.zncgsl7.3.noarch.rpm
    • perl-POSIX-2.03-15.zncgsl7.3.x86_64.rpm
    • perl-Safe-2.43-15.zncgsl7.3.noarch.rpm
    • perl-Search-Dict-1.07-15.zncgsl7.3.noarch.rpm
    • perl-SelectSaver-1.02-15.zncgsl7.3.noarch.rpm
    • perl-SelfLoader-1.26-15.zncgsl7.3.noarch.rpm
    • perl-sigtrap-1.10-15.zncgsl7.3.noarch.rpm
    • perl-sort-2.05-15.zncgsl7.3.noarch.rpm
    • perl-subs-1.04-15.zncgsl7.3.noarch.rpm
    • perl-Symbol-1.09-15.zncgsl7.3.noarch.rpm
    • perl-Sys-Hostname-1.24-15.zncgsl7.3.x86_64.rpm
    • perl-Term-Complete-1.403-15.zncgsl7.3.noarch.rpm
    • perl-Term-ReadLine-1.17-15.zncgsl7.3.noarch.rpm
    • perl-Test-1.31-15.zncgsl7.3.noarch.rpm
    • perl-Text-Abbrev-1.02-15.zncgsl7.3.noarch.rpm
    • perl-Thread-3.05-15.zncgsl7.3.noarch.rpm
    • perl-Thread-Semaphore-2.13-15.zncgsl7.3.noarch.rpm
    • perl-Tie-4.6-15.zncgsl7.3.noarch.rpm
    • perl-Tie-File-1.06-15.zncgsl7.3.noarch.rpm
    • perl-Tie-Memoize-1.1-15.zncgsl7.3.noarch.rpm
    • perl-Time-1.03-15.zncgsl7.3.noarch.rpm
    • perl-Time-Piece-1.3401-15.zncgsl7.3.x86_64.rpm
    • perl-Unicode-UCD-0.78-15.zncgsl7.3.noarch.rpm
    • perl-User-pwent-1.03-15.zncgsl7.3.noarch.rpm
    • perl-utils-5.36.3-15.zncgsl7.3.noarch.rpm
    • perl-vars-1.05-15.zncgsl7.3.noarch.rpm
    • perl-vmsish-1.04-15.zncgsl7.3.noarch.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108