perl-Module-ScanDeps-1.30-6.el9

エラータID: AXSA:2025-10130:01

Release date: 
Saturday, June 28, 2025 - 00:11
Subject: 
perl-Module-ScanDeps-1.30-6.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC (e.g. Test/More.pm). The values are hash references.

Security Fix(es):

* module-scandeps: local privilege escalation via unsanitized input (CVE-2024-10224)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.6 Release Notes linked from the References section.

CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

Solution: 

Update packages.

CVEs: 
CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Additional Info: 

N/A

Download: 

SRPMS
  1. perl-Module-ScanDeps-1.30-6.el9.src.rpm
    MD5: 71c172786ad1f682b1931b4db81d7e4d
    SHA-256: 5551c71af1c7a33c43fbf10d87abdfff5d0c3f6a47394422c9a02038ac8e0836
    Size: 70.93 kB

Asianux Server 9 for x86_64
  1. perl-Module-ScanDeps-1.30-6.el9.noarch.rpm
    MD5: e99a1b96cd5b4e27c5caab217285de50
    SHA-256: 949997f71ad1868cc906ef70846151597836e94cf5be5a47ad891cdc83ce8eda
    Size: 52.77 kB