FERRAMENTAS LINUX: Critical Security Update: perl-File-Find-Rule Vulnerability Patched (CVE-2011-10007)

quinta-feira, 26 de junho de 2025

Critical Security Update: perl-File-Find-Rule Vulnerability Patched (CVE-2011-10007)

 

SUse


SUSE has released a critical security update for perl-File-Find-Rule (CVE-2011-10007) fixing an arbitrary code execution flaw. Affected systems include SUSE Linux Enterprise, openSUSE Leap, and SAP applications. Learn how to patch now.


🔒 Vulnerability Overview

A high-severity security flaw (CVE-2011-10007) has been discovered in perl-File-Find-Rule, a Perl module used for file searching. This vulnerability allows arbitrary code execution when processing malicious filenames, posing a significant risk to unpatched systems.

📌 Key Details

  • CVSS Score: Up to 8.8 (High Severity)

  • Affected Versions: Multiple SUSE Linux Enterprise, openSUSE Leap, and SAP deployments

  • Risk: Remote attackers could execute malicious code via crafted filenames

  • Patch Released: June 25, 2025

🚨 Affected Products

The following SUSE-based systems are vulnerable and require immediate patching:

✅ SUSE Linux Enterprise Server (15 SP3-SP7)

✅ SUSE Linux Enterprise Desktop (15 SP6-SP7)

✅ SUSE Manager (Proxy, Server, Retail Branch Server 4.3)

✅ SUSE Enterprise Storage 7.1

✅ openSUSE Leap 15.6

✅ SUSE Linux Enterprise High Performance Computing (LTSS/ESPOS)

(Full list available in the original advisory)

🛠️ How to Patch (Step-by-Step Guide)

Method 1: Automated Update (Recommended)

Run the following command based on your OS:

bash
# For SUSE Linux Enterprise Server 15 SP5 LTSS  
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2105=1  

# For openSUSE Leap 15.6  
zypper in -t patch openSUSE-SLE-15.6-2025-2105=1

Method 2: Manual Patch via YaST

  1. Open YaST

  2. Navigate to Software Management → Online Update

  3. Apply the latest security patches

📊 Why This Update Matters

  • Critical Severity (CVSS 8.8): Exploitable via malicious filenames

  • Widespread Impact: Affects enterprise servers, SAP environments, and cloud storage

  • Compliance Risk: Unpatched systems may violate security policies

🔍 Frequently Asked Questions (FAQ)

❓ Is this vulnerability actively exploited?

As of now, there are no public reports of exploitation, but patching immediately is recommended due to the high-risk nature.

❓ What happens if I don’t update?

Attackers could execute arbitrary code on affected systems, leading to data breaches or system compromise.

❓ Where can I verify the patch?

Check the official references:

Cezar Henrique at
Marcadores: Linux, Android, Segurança , , , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)