[SECURITY] [DLA 3958-1] libmodule-scandeps-perl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3958-1] libmodule-scandeps-perl security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 19 Nov 2024 16:44:14 +0000
Message-id: <[🔎] E1tDRKo-00BT3h-Bp@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3958-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                 Salvatore Bonaccorso
November 19, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libmodule-scandeps-perl
Version        : 1.30-1+deb11u1
CVE ID         : CVE-2024-10224

The Qualys Threat Research Unit discovered that libmodule-scandeps-perl,
a Perl module to recursively scan Perl code for dependencies, allows an
attacker to execute arbitrary shell commands via specially crafted file
names.

Details can be found in the Qualys advisory at
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

For Debian 11 bullseye, this problem has been fixed in version
1.30-1+deb11u1.

We recommend that you upgrade your libmodule-scandeps-perl packages.

For the detailed security status of libmodule-scandeps-perl please refer
to its security tracker page at:
https://security-tracker.debian.org/tracker/libmodule-scandeps-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmc8wDFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SY3g/+LO1Q58f6syAhBMXE/8PzhoE9nz3FQ3Knc3Az7EBFbdWqSWkkbW4U+rmx
K8IOx6wg9Wsy7dja/RzA84t9Uhz1sBbhg+ls7ffoxpA2zKM8lEBihgVZYqHV/Dxv
c3txfVK10xibn/qrwH/AANS60X2cHCmbBG3YR92VojpcLS23mZPnIwjdTd9tXd7h
LtORwLFURKfZa/G/126AWcGFb2q119Jg8McCPZx1CEidyIxSQlKfMGBXuj74WhqH
LzpBjNkdBTGE9Yqz9ZoeplWYqJdDLxcVISzM9X1TL/6O6gd+ccJf62ltZcsquTfZ
ulHFgtldfSEyOTePNmltBXhVhrE0aTqvbrhIw141CJHo5pBSy6KbrH15Xcij+5+c
56O1PaZJKcCgdTKuI8E6Y8v3QU8Bjv3+qXFrL6VbQkcBW43uffiz2VVQ41IEv8N7
Q4PTTUOmFL9Ps+1noGMrledyiniiWKgWiVFG35sTu6qBwWz8U6W40lpFtTVahwCJ
mcq/KiRHv9OLABQor+q9cDefajfEwf5v6a90OuituBkIXTIuyLxRblbZeNQ4Zaeh
vI2/LRSe7wBJR+bF1O4Cyy5fZF58pfe64g1A0DYu1pukzA3Jh0flAajxuj1TnHVD
joF9cg2GAhoJ292CJbKeyYrCaKlagzCw2nnXAs2m+bwU4I3liKc=
=kcFJ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3957-1] needrestart security update
Next by Date: [SECURITY] [DLA 3959-1] guix security update
Previous by thread: [SECURITY] [DLA 3957-1] needrestart security update
Next by thread: [SECURITY] [DLA 3959-1] guix security update
Index(es):
- Date
- Thread