Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: CVE advisories and CENTOS
Top Forums UNIX for Beginners Questions & Answers CVE advisories and CENTOS Post 303025612 by gull04 on Wednesday 7th of November 2018 06:37:22 AM
Old 11-07-2018
Hi Mojoman,

You should be able to run the comparison against the Red Hat CVE database, but not sure how much time Red Hat will spend keeping it relevant to CentOS. I'd suggest that you would be able to get a more meaningful communication going with one of the CentOS groups, you may want to look at a specific CentOS CVE Scanner then see what is required.

Regards

Gull04
This User Gave Thanks to gull04 For This Post:
MadeInGermany
 

5 More Discussions You Might Find Interesting

1. Cybersecurity

SCO Support Services: Security Advisories

Link to SCO security bulletins: http://www.caldera.com/support/security/ (0 Replies)
Discussion started by: Neo
0 Replies

2. Red Hat

How to Upgrade Centos 5.7 using Centos 5.8 ISO image on Vmware workstation

Dear Linux Experts, On my windows 7 desktop with the help of Vmware workstation (Version 7.1), created virtual machine and installed Centos 5.7 successfully using ISO image. Query : Is this possible to upgrade the Centos 5.7 using Centos 5.8 ISO image to Centos version 5.8?.. if yes kindly... (2 Replies)
Discussion started by: Ananthcn
2 Replies

3. Red Hat

RH V Centos

Hi, I have built out a new virtual production environment (VMWare, HA enabled, VMotion... all the bells & whistles) using RHEL5 VM's. I have got another ESX host that I plan to use as a pre-prod environment. To save some costs on RH subs I was thinking about installing this environment... (5 Replies)
Discussion started by: Duffs22
5 Replies

4. Cybersecurity

Rpm for BIND 9 version 9.9.7-P2 (fix CVE-2015-5477) rhel

Hello, I have a RedHat machine (version 5.11) and i need to install BIND version version 9.9.7-P2 in order to fix a known BIND vulnerability CVE-2015-5477. I downloaded the tar file from isc website but i am having trouble to install the file. Does anybody knows a link for the rpm package of... (0 Replies)
Discussion started by: omonoiatis9
0 Replies

5. UNIX for Advanced & Expert Users

Install package PHP Vulnerability: CVE-2015-4601

Hi, Anyone can help on applying patch "PHP Vulnerability: CVE-2015-4601" on Centos 6.8 platform. How can I install this patch in command line using "yum" or "rpm"? Do I need to download or there is a direct command. Thanks in advance. Ragards, FSPalero (4 Replies)
Discussion started by: fspalero
4 Replies

LEARN ABOUT MOJAVE

perl5142delta

PERL5142DELTA(1)					 Perl Programmers Reference Guide					  PERL5142DELTA(1)

NAME

       perl5142delta - what is new for perl v5.14.2

DESCRIPTION

       This document describes differences between the 5.14.1 release and the 5.14.2 release.

       If you are upgrading from an earlier release such as 5.14.0, first read perl5141delta, which describes differences between 5.14.0 and
       5.14.1.

Core Enhancements
       No changes since 5.14.0.

Security
   "File::Glob::bsd_glob()" memory error with GLOB_ALTDIRFUNC (CVE-2011-2728).
       Calling "File::Glob::bsd_glob" with the unsupported flag GLOB_ALTDIRFUNC would cause an access violation / segfault.  A Perl program that
       accepts a flags value from an external source could expose itself to denial of service or arbitrary code execution attacks.  There are no
       known exploits in the wild.  The problem has been corrected by explicitly disabling all unsupported flags and setting unused function
       pointers to null.  Bug reported by Clement Lecigne.

   "Encode" decode_xs n-byte heap-overflow (CVE-2011-2939)
       A bug in "Encode" could, on certain inputs, cause the heap to overflow.	This problem has been corrected.  Bug reported by Robert Zacek.

Incompatible Changes
       There are no changes intentionally incompatible with 5.14.0. If any exist, they are bugs and reports are welcome.

Deprecations
       There have been no deprecations since 5.14.0.

Modules and Pragmata
   New Modules and Pragmata
       None

   Updated Modules and Pragmata
       o   CPAN has been upgraded from version 1.9600 to version 1.9600_01.

	   CPAN::Distribution has been upgraded from version 1.9602 to 1.9602_01.

	   Backported bugfixes from CPAN version 1.9800.  Ensures proper detection of "configure_requires" prerequisites from CPAN Meta files in
	   the case where "dynamic_config" is true.  [rt.cpan.org #68835]

	   Also ensures that "configure_requires" is only checked in META files, not MYMETA files, so protect against MYMETA generation that drops
	   "configure_requires".

       o   Encode has been upgraded from version 2.42 to 2.42_01.

	   See "Security".

       o   File::Glob has been upgraded from version 1.12 to version 1.13.

	   See "Security".

       o   PerlIO::scalar has been upgraded from version 0.11 to 0.11_01.

	   It fixes a problem with "open my $fh, ">", $scalar" not working if $scalar is a copy-on-write scalar.

   Removed Modules and Pragmata
       None

Platform Support
   New Platforms
       None

   Discontinued Platforms
       None

   Platform-Specific Notes
       HP-UX PA-RISC/64 now supports gcc-4.x
	   A fix to correct the socketsize now makes the test suite pass on HP-UX PA-RISC for 64bitall builds.

       Building on OS X 10.7 Lion and Xcode 4 works again
	   The build system has been updated to work with the build tools under Mac OS X 10.7.

Bug Fixes
       o   In @INC filters (subroutines returned by subroutines in @INC), $_ used to misbehave: If returned from a subroutine, it would not be
	   copied, but the variable itself would be returned; and freeing $_ (e.g., with "undef *_") would cause perl to crash.  This has been
	   fixed [perl #91880].

       o   Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of a pack template equivalent to "U0" if the input string was
	   empty.  This has been fixed [perl #90160].

       o   "caller" no longer leaks memory when called from the DB package if @DB::args was assigned to after the first call to "caller".  Carp
	   was triggering this bug [perl #97010].

       o   "utf8::decode" had a nasty bug that would modify copy-on-write scalars' string buffers in place (i.e., skipping the copy).  This could
	   result in hashes having two elements with the same key [perl #91834].

       o   Localising a tied variable used to make it read-only if it contained a copy-on-write string.

       o   Elements of restricted hashes (see the fields pragma) containing copy-on-write values couldn't be deleted, nor could such hashes be
	   cleared ("%hash = ()").

       o   Locking a hash element that is a glob copy no longer causes subsequent assignment to it to corrupt the glob.

       o   A panic involving the combination of the regular expression modifiers "/aa" introduced in 5.14.0 and the "" escape sequence has been
	   fixed [perl #95964].

Known Problems
       This is a list of some significant unfixed bugs, which are regressions from 5.12.0.

       o   "PERL_GLOBAL_STRUCT" is broken.

	   Since perl 5.14.0, building with "-DPERL_GLOBAL_STRUCT" hasn't been possible. This means that perl currently doesn't work on any
	   platforms that require it to be built this way, including Symbian.

	   While "PERL_GLOBAL_STRUCT" now works again on recent development versions of perl, it actually working on Symbian again hasn't been
	   verified.

	   We'd be very interested in hearing from anyone working with Perl on Symbian.

Acknowledgements
       Perl 5.14.2 represents approximately three months of development since Perl 5.14.1 and contains approximately 1200 lines of changes across
       61 files from 9 authors.

       Perl continues to flourish into its third decade thanks to a vibrant community of users and developers.	The following people are known to
       have contributed the improvements that became Perl 5.14.2:

       Craig A. Berry, David Golden, Father Chrysostomos, Florian Ragwitz, H.Merijn Brand, Karl Williamson, Nicholas Clark, Pau Amma and Ricardo
       Signes.

Reporting Bugs
       If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug
       database at http://rt.perl.org/perlbug/ .  There may also be information at http://www.perl.org/ , the Perl Home Page.

       If you believe you have an unreported bug, please run the perlbug program included with your release.  Be sure to trim your bug down to a
       tiny but sufficient test case.  Your bug report, along with the output of "perl -V", will be sent off to perlbug@perl.org to be analysed by
       the Perl porting team.

       If the bug you are reporting has security implications, which make it inappropriate to send to a publicly archived mailing list, then
       please send it to perl5-security-report@perl.org. This points to a closed subscription unarchived mailing list, which includes all the core
       committers, who be able to help assess the impact of issues, figure out a resolution, and help co-ordinate the release of patches to
       mitigate or fix the problem across all platforms on which Perl is supported. Please only use this address for security issues in the Perl
       core, not for modules independently distributed on CPAN.

SEE ALSO

       The Changes file for an explanation of how to view exhaustive details on what changed.

       The INSTALL file for how to build Perl.

       The README file for general stuff.

       The Artistic and Copying files for copyright information.

perl v5.18.2							    2013-11-04							  PERL5142DELTA(1)
All times are GMT -4. The time now is 01:08 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy