Fedora 40 Security Advisory: perl-Module-ScanDeps Critical Local Escalation
fedora
November 28, 2024
1.37 - fix parsing of "use if ..." Fixes errors in PAR::Packer test t/90-rt59710.t - add test for _parse_libs() 1.36
Summary
This module scans potential modules used by perl programs and returns a
hash reference. Its keys are the module names as they appear in %INC (e.g.
Test/More.pm). The values are hash references.
Update Information:
1.37 - fix parsing of "use if ..." Fixes errors in PAR::Packer test t/90-rt59710.t - add test for _parse_libs() 1.36 - Fix CVE-2024-10224: Unsanitized input leads to LPE - use three-argument open() - replace 'eval "..."' constructs Note: this version was not released on CPAN because of Coordinated Release Date for CVE - README: add "Source Repository" and "Contact" info switch "Please submit bug reports to ..." to GitHub issues - add preload rule for MooX::HandlesVia cf.
Change Log
* Wed Nov 20 2024 Jitka Plesnikova
References
[ 1 ] Bug #2327529 - CVE-2024-10224 perl-Module-ScanDeps: local privilege escalation via unsanitized input [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2327529
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8adf4a4b24' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: perl-Module-ScanDeps
Product: Fedora 40
Version: 1.37
Release: 1.fc40
Summary: Recursively scan Perl code for dependencies
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!