安全公告详情

NS-SA-2025-0135

2025-07-25 16:49:52

简介

important: sane-backends/perl security update

严重级别

important

主题

An update for sane-backends/perl is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

sane-backends:
perl:


Security Fix(es):
sane-backends: An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.(CVE-2023-46047)
sane-backends: bugfix
perl: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.(CVE-2023-47038)
perl: A flaw was found in Perl due to improper handling of the property name by the S_parse_uniprop_string function in regcomp.c. This issue could allow an attacker to to bypass security restrictions and use a specially crafted regular expression input to write to unallocated space.(CVE-2023-47100)
perl: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.

影响组件

  • sane-backends
  • perl

影响产品

  • CGSL MAIN 7.02

更新包

{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["sane-backends-libs-1.2.1-4.zncgsl7.5.x86_64.rpm","sane-backends-drivers-cameras-1.2.1-4.zncgsl7.5.x86_64.rpm","sane-backends-devel-1.2.1-4.zncgsl7.5.x86_64.rpm","sane-backends-drivers-scanners-1.2.1-4.zncgsl7.5.x86_64.rpm","sane-backends-1.2.1-4.zncgsl7.5.x86_64.rpm"],"source":"sane-backends-1.2.1-4.zncgsl7.5.src.rpm"},{"binary":["perl-vmsish-1.04-15.zncgsl7.4.noarch.rpm","perl-vars-1.05-15.zncgsl7.4.noarch.rpm","perl-subs-1.04-15.zncgsl7.4.noarch.rpm","perl-utils-5.36.3-15.zncgsl7.4.noarch.rpm","perl-sort-2.05-15.zncgsl7.4.noarch.rpm","perl-overloading-0.02-15.zncgsl7.4.noarch.rpm","perl-sigtrap-1.10-15.zncgsl7.4.noarch.rpm","perl-meta-notation-5.36.3-15.zncgsl7.4.noarch.rpm","perl-ph-5.36.3-15.zncgsl7.4.x86_64.rpm","perl-locale-1.10-15.zncgsl7.4.noarch.rpm","perl-macros-5.36.3-15.zncgsl7.4.noarch.rpm","perl-overload-1.35-15.zncgsl7.4.noarch.rpm","perl-open-1.13-15.zncgsl7.4.noarch.rpm","perl-mro-1.26-15.zncgsl7.4.x86_64.rpm","perl-lib-0.65-15.zncgsl7.4.x86_64.rpm","perl-less-0.03-15.zncgsl7.4.noarch.rpm","perl-libs-5.36.3-15.zncgsl7.4.x86_64.rpm","perl-libnetcfg-5.36.3-15.zncgsl7.4.noarch.rpm","perl-if-0.61.000-15.zncgsl7.4.noarch.rpm","perl-filetest-1.03-15.zncgsl7.4.noarch.rpm","perl-interpreter-5.36.3-15.zncgsl7.4.x86_64.rpm","perl-deprecate-0.04-15.zncgsl7.4.noarch.rpm","perl-blib-1.07-15.zncgsl7.4.noarch.rpm","perl-autouse-1.11-15.zncgsl7.4.noarch.rpm","perl-fields-2.27-15.zncgsl7.4.noarch.rpm","perl-encoding-warnings-0.13-15.zncgsl7.4.noarch.rpm","perl-diagnostics-1.39-15.zncgsl7.4.noarch.rpm","perl-doc-5.36.3-15.zncgsl7.4.noarch.rpm","perl-devel-5.36.3-15.zncgsl7.4.x86_64.rpm","perl-debugger-1.60-15.zncgsl7.4.noarch.rpm","perl-base-2.27-15.zncgsl7.4.noarch.rpm","perl-User-pwent-1.03-15.zncgsl7.4.noarch.rpm","perl-Unicode-UCD-0.78-15.zncgsl7.4.noarch.rpm","perl-Time-1.03-15.zncgsl7.4.noarch.rpm","perl-Tie-File-1.06-15.zncgsl7.4.noarch.rpm","perl-Tie-Memoize-1.1-15.zncgsl7.4.noarch.rpm","perl-Time-Piece-1.3401-15.zncgsl7.4.x86_64.rpm","perl-Tie-4.6-15.zncgsl7.4.noarch.rpm","perl-Thread-Semaphore-2.13-15.zncgsl7.4.noarch.rpm","perl-Thread-3.05-15.zncgsl7.4.noarch.rpm","perl-Text-Abbrev-1.02-15.zncgsl7.4.noarch.rpm","perl-Term-Complete-1.403-15.zncgsl7.4.noarch.rpm","perl-Symbol-1.09-15.zncgsl7.4.noarch.rpm","perl-Term-ReadLine-1.17-15.zncgsl7.4.noarch.rpm","perl-Sys-Hostname-1.24-15.zncgsl7.4.x86_64.rpm","perl-Test-1.31-15.zncgsl7.4.noarch.rpm","perl-SelectSaver-1.02-15.zncgsl7.4.noarch.rpm","perl-Search-Dict-1.07-15.zncgsl7.4.noarch.rpm","perl-SelfLoader-1.26-15.zncgsl7.4.noarch.rpm","perl-Pod-Functions-1.14-15.zncgsl7.4.noarch.rpm","perl-Safe-2.43-15.zncgsl7.4.noarch.rpm","perl-Pod-Html-1.33-15.zncgsl7.4.noarch.rpm","perl-POSIX-2.03-15.zncgsl7.4.x86_64.rpm","perl-Opcode-1.57-15.zncgsl7.4.x86_64.rpm","perl-ODBM_File-1.17-15.zncgsl7.4.x86_64.rpm","perl-Net-1.03-15.zncgsl7.4.noarch.rpm","perl-NEXT-0.69-15.zncgsl7.4.noarch.rpm","perl-Module-Loaded-0.08-15.zncgsl7.4.noarch.rpm","perl-NDBM_File-1.15-15.zncgsl7.4.x86_64.rpm","perl-Memoize-1.03-15.zncgsl7.4.noarch.rpm","perl-Math-Complex-1.59-15.zncgsl7.4.noarch.rpm","perl-Locale-Maketext-Simple-0.21-15.zncgsl7.4.noarch.rpm","perl-IPC-Open3-1.22-15.zncgsl7.4.noarch.rpm","perl-I18N-Collate-1.02-15.zncgsl7.4.noarch.rpm","perl-IO-1.50-15.zncgsl7.4.x86_64.rpm","perl-I18N-Langinfo-0.21-15.zncgsl7.4.x86_64.rpm","perl-I18N-LangTags-0.45-15.zncgsl7.4.noarch.rpm","perl-Hash-Util-FieldHash-1.26-15.zncgsl7.4.x86_64.rpm","perl-Hash-Util-0.28-15.zncgsl7.4.x86_64.rpm","perl-Getopt-Std-1.13-15.zncgsl7.4.noarch.rpm","perl-GDBM_File-1.23-15.zncgsl7.4.x86_64.rpm","perl-FileCache-1.10-15.zncgsl7.4.noarch.rpm","perl-FileHandle-2.03-15.zncgsl7.4.noarch.rpm","perl-File-stat-1.12-15.zncgsl7.4.noarch.rpm","perl-File-Find-1.40-15.zncgsl7.4.noarch.rpm","perl-File-Compare-1.100.700-15.zncgsl7.4.noarch.rpm","perl-File-DosGlob-1.12-15.zncgsl7.4.x86_64.rpm","perl-ExtUtils-Miniperl-1.11-15.zncgsl7.4.noarch.rpm","perl-File-Copy-2.39-15.zncgsl7.4.noarch.rpm","perl-File-Basename-2.85-15.zncgsl7.4.noarch.rpm","perl-Fcntl-1.15-15.zncgsl7.4.x86_64.rpm","perl-FindBin-1.53-15.zncgsl7.4.noarch.rpm","perl-Errno-1.36-15.zncgsl7.4.x86_64.rpm","perl-ExtUtils-Embed-1.35-15.zncgsl7.4.noarch.rpm","perl-ExtUtils-Constant-0.25-15.zncgsl7.4.noarch.rpm","perl-English-1.11-15.zncgsl7.4.noarch.rpm","perl-DirHandle-1.05-15.zncgsl7.4.noarch.rpm","perl-DynaLoader-1.52-15.zncgsl7.4.x86_64.rpm","perl-Devel-SelfStubber-1.06-15.zncgsl7.4.noarch.rpm","perl-Dumpvalue-2.27-15.zncgsl7.4.noarch.rpm","perl-Devel-Peek-1.32-15.zncgsl7.4.x86_64.rpm","perl-Config-Extensions-0.03-15.zncgsl7.4.noarch.rpm","perl-DBM_Filter-0.06-15.zncgsl7.4.noarch.rpm","perl-Class-Struct-0.66-15.zncgsl7.4.noarch.rpm","perl-5.36.3-15.zncgsl7.4.x86_64.rpm","perl-Benchmark-1.23-15.zncgsl7.4.noarch.rpm","perl-B-1.83-15.zncgsl7.4.x86_64.rpm","perl-AutoLoader-5.74-15.zncgsl7.4.noarch.rpm","perl-AutoSplit-5.74-15.zncgsl7.4.noarch.rpm","perl-Attribute-Handlers-1.02-15.zncgsl7.4.noarch.rpm"],"source":"perl-5.36.3-15.zncgsl7.4.src.rpm"}]}]}

CVE

参考