RockyLinux 8perl:5.32RLSA-2026:8096

medium Nessus プラグイン ID 306398

Language:

概要

リモート RockyLinux ホストにセキュリティ更新がありません。

説明

リモートのRockyLinux 8ホストには、RLSA-2026:8096アドバイザリに記載された脆弱性の影響を受けるパッケージがインストールされています。

* perl: Perl スレッドには、ファイル操作が意図しないパスをターゲットにする可能性がある作業ディレクトリの競合状態があります (CVE-2025-40909)

Tenable は、前述の記述ブロックを RockyLinux セキュリティアドバイザリから直接抽出しています。

Nessus はこの問題をテストしておらず、代わりにアプリケーションが自己報告するバージョン番号にのみ依存していることに注意してください。

ソリューション

影響を受けるパッケージを更新してください。

参考資料

https://errata.rockylinux.org/RLSA-2026:8096

https://bugzilla.redhat.com/show_bug.cgi?id=2369407

プラグインの詳細

深刻度: Medium

ID: 306398

ファイル名: rocky_linux_RLSA-2026-8096.nasl

バージョン: 1.3

タイプ: Local

ファミリー: Rocky Linux Local Security Checks

公開日: 2026/4/14

更新日: 2026/4/16

サポートされているセンサー: Nessus Agent, Continuous Assessment, Nessus

リスク情報

VPR

リスクファクター: Medium

スコア: 4.2

CVSS v2

リスクファクター: Medium

基本値: 5.2

現状値: 3.8

ベクトル: CVSS2#AV:L/AC:H/Au:N/C:C/I:P/A:P

CVSS スコアのソース: CVE-2025-40909

CVSS v3

リスクファクター: Medium

基本値: 5.9

現状値: 5.2

ベクトル: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

現状ベクトル: CVSS:3.0/E:U/RL:O/RC:C

脆弱性情報

CPE: p-cpe:/a:rocky:linux:perl-digest-md5, p-cpe:/a:rocky:linux:perl-pathtools, p-cpe:/a:rocky:linux:perl-autodie, p-cpe:/a:rocky:linux:perl-cpan-distnameinfo, p-cpe:/a:rocky:linux:perl-time-hires-debugsource, p-cpe:/a:rocky:linux:perl-devel-ppport, p-cpe:/a:rocky:linux:perl-text-tabs%2bwrap, p-cpe:/a:rocky:linux:perl-sys-syslog, p-cpe:/a:rocky:linux:perl-encode-debuginfo, p-cpe:/a:rocky:linux:perl-object-hashbase, p-cpe:/a:rocky:linux:perl-text-diff, p-cpe:/a:rocky:linux:perl-storable-debugsource, p-cpe:/a:rocky:linux:perl-software-license, p-cpe:/a:rocky:linux:perl-module-load-conditional, p-cpe:/a:rocky:linux:perl-compress-raw-bzip2-debuginfo, p-cpe:/a:rocky:linux:perl-filter-debugsource, p-cpe:/a:rocky:linux:perl-devel-size, p-cpe:/a:rocky:linux:perl-mime-base64-debugsource, p-cpe:/a:rocky:linux:perl-perlfaq, p-cpe:/a:rocky:linux:perl-pod-usage, p-cpe:/a:rocky:linux:perl-digest-md5-debugsource, p-cpe:/a:rocky:linux:perl-module-corelist-tools, p-cpe:/a:rocky:linux:perl-digest, p-cpe:/a:rocky:linux:perl-pod-parser, p-cpe:/a:rocky:linux:perl-module-metadata, p-cpe:/a:rocky:linux:perl-term-cap, p-cpe:/a:rocky:linux:perl-time-hires-debuginfo, p-cpe:/a:rocky:linux:perl-encode, p-cpe:/a:rocky:linux:perl-compress-bzip2-debugsource, p-cpe:/a:rocky:linux:perl-file-path, p-cpe:/a:rocky:linux:perl-unicode-normalize-debuginfo, p-cpe:/a:rocky:linux:perl-object-hashbase-tools, p-cpe:/a:rocky:linux:perl-encode-debugsource, p-cpe:/a:rocky:linux:perl-generators, p-cpe:/a:rocky:linux:perl-extutils-command, p-cpe:/a:rocky:linux:perl-extutils-manifest, p-cpe:/a:rocky:linux:perl-sys-syslog-debuginfo, p-cpe:/a:rocky:linux:perl-locale-maketext, p-cpe:/a:rocky:linux:perl-digest-md5-debuginfo, p-cpe:/a:rocky:linux:perl-db_file-debuginfo, p-cpe:/a:rocky:linux:perl-compress-raw-lzma-debuginfo, p-cpe:/a:rocky:linux:perl-env, p-cpe:/a:rocky:linux:perl-threads-debuginfo, p-cpe:/a:rocky:linux:perl-extutils-makemaker, p-cpe:/a:rocky:linux:perl-perl-ostype, p-cpe:/a:rocky:linux:perl-unicode-collate, p-cpe:/a:rocky:linux:perl-compress-raw-lzma-debugsource, p-cpe:/a:rocky:linux:perl-archive-zip, p-cpe:/a:rocky:linux:perl-devel-ppport-debugsource, p-cpe:/a:rocky:linux:perl-math-bigint-fastcalc, p-cpe:/a:rocky:linux:perl-sys-syslog-debugsource, p-cpe:/a:rocky:linux:perl-encode-devel, p-cpe:/a:rocky:linux:perl-compress-bzip2-debuginfo, p-cpe:/a:rocky:linux:perl-time-local, p-cpe:/a:rocky:linux:perl-data-dumper-debuginfo, p-cpe:/a:rocky:linux:perl-params-util-debuginfo, p-cpe:/a:rocky:linux:perl-uri, p-cpe:/a:rocky:linux:perl-pod-perldoc, p-cpe:/a:rocky:linux:perl-text-glob, p-cpe:/a:rocky:linux:perl-homedir, p-cpe:/a:rocky:linux:perl-sub-exporter, p-cpe:/a:rocky:linux:perl-devel-ppport-debuginfo, p-cpe:/a:rocky:linux:perl-filter, p-cpe:/a:rocky:linux:perl-socket, p-cpe:/a:rocky:linux:perl-cpan-meta-yaml, p-cpe:/a:rocky:linux:perl-math-bigint-fastcalc-debuginfo, p-cpe:/a:rocky:linux:perl-data-section, p-cpe:/a:rocky:linux:perl-unicode-collate-debugsource, p-cpe:/a:rocky:linux:perl-inc-latest, p-cpe:/a:rocky:linux:perl-digest-sha-debuginfo, p-cpe:/a:rocky:linux:perl-devel-size-debugsource, p-cpe:/a:rocky:linux:perl-data-optlist, p-cpe:/a:rocky:linux:perl-perlio-via-quotedprint, p-cpe:/a:rocky:linux:perl-ipc-sysv-debuginfo, p-cpe:/a:rocky:linux:perl-db_file, p-cpe:/a:rocky:linux:perl-threads-shared-debugsource, p-cpe:/a:rocky:linux:perl-db_file-debugsource, p-cpe:/a:rocky:linux:perl-importer, p-cpe:/a:rocky:linux:perl-cpan-meta, p-cpe:/a:rocky:linux:perl-config-perl-v, p-cpe:/a:rocky:linux:perl-math-bigint-fastcalc-debugsource, p-cpe:/a:rocky:linux:perl-encoding, p-cpe:/a:rocky:linux:perl-time-hires, p-cpe:/a:rocky:linux:perl-json-pp, p-cpe:/a:rocky:linux:perl-exporter, p-cpe:/a:rocky:linux:perl-mime-base64, p-cpe:/a:rocky:linux:perl-algorithm-diff, p-cpe:/a:rocky:linux:perl-module-load, p-cpe:/a:rocky:linux:perl-threads, p-cpe:/a:rocky:linux:perl-ipc-sysv, p-cpe:/a:rocky:linux:perl-io-compress, p-cpe:/a:rocky:linux:perl-compress-raw-zlib, p-cpe:/a:rocky:linux:perl-file-temp, p-cpe:/a:rocky:linux:perl-threads-shared-debuginfo, p-cpe:/a:rocky:linux:perl-thread-queue, p-cpe:/a:rocky:linux:perl-threads-debugsource, p-cpe:/a:rocky:linux:perl-text-template, p-cpe:/a:rocky:linux:perl-pod-simple, p-cpe:/a:rocky:linux:perl-pathtools-debuginfo, p-cpe:/a:rocky:linux:perl-podlators, p-cpe:/a:rocky:linux:perl-digest-sha, p-cpe:/a:rocky:linux:perl-scalar-list-utils, p-cpe:/a:rocky:linux:perl-archive-tar, p-cpe:/a:rocky:linux:perl-filter-simple, p-cpe:/a:rocky:linux:perl-package-generator, p-cpe:/a:rocky:linux:perl-version-debugsource, p-cpe:/a:rocky:linux:perl-mro-compat, p-cpe:/a:rocky:linux:perl-devel-size-debuginfo, p-cpe:/a:rocky:linux:perl-encode-locale, p-cpe:/a:rocky:linux:perl-io-socket-ip, p-cpe:/a:rocky:linux:perl-compress-raw-zlib-debugsource, p-cpe:/a:rocky:linux:perl-text-parsewords, p-cpe:/a:rocky:linux:perl-ipc-cmd, p-cpe:/a:rocky:linux:perl-parent, p-cpe:/a:rocky:linux:perl-term-ansicolor, p-cpe:/a:rocky:linux:perl-module-corelist, p-cpe:/a:rocky:linux:perl-storable-debuginfo, p-cpe:/a:rocky:linux:perl-params-check, p-cpe:/a:rocky:linux:perl-libnet, p-cpe:/a:rocky:linux:perl-io-compress-lzma, p-cpe:/a:rocky:linux:perl-pod-checker, p-cpe:/a:rocky:linux:perl-socket-debugsource, p-cpe:/a:rocky:linux:perl-scalar-list-utils-debuginfo, p-cpe:/a:rocky:linux:perl-bignum, p-cpe:/a:rocky:linux:perl-data-dumper, p-cpe:/a:rocky:linux:perl-compress-raw-zlib-debuginfo, p-cpe:/a:rocky:linux:perl-module-build, p-cpe:/a:rocky:linux:perl-http-tiny, p-cpe:/a:rocky:linux:perl-pod-escapes, p-cpe:/a:rocky:linux:perl-extutils-install, p-cpe:/a:rocky:linux:perl-compress-bzip2, p-cpe:/a:rocky:linux:perl-file-which, p-cpe:/a:rocky:linux:perl-mime-base64-debuginfo, p-cpe:/a:rocky:linux:perl-math-bigint, p-cpe:/a:rocky:linux:perl-compress-raw-bzip2, p-cpe:/a:rocky:linux:perl-test-simple, p-cpe:/a:rocky:linux:perl-cpan-meta-requirements, p-cpe:/a:rocky:linux:perl-data-dumper-debugsource, p-cpe:/a:rocky:linux:perl-extutils-cbuilder, p-cpe:/a:rocky:linux:perl-fedora-vsp, p-cpe:/a:rocky:linux:perl-file-fetch, p-cpe:/a:rocky:linux:perl-params-util-debugsource, p-cpe:/a:rocky:linux:perl-params-util, p-cpe:/a:rocky:linux:perl-constant, p-cpe:/a:rocky:linux:perl-getopt-long, p-cpe:/a:rocky:linux:perl-version, p-cpe:/a:rocky:linux:perl-unicode-normalize, p-cpe:/a:rocky:linux:perl-filter-debuginfo, p-cpe:/a:rocky:linux:perl-version-debuginfo, p-cpe:/a:rocky:linux:perl-carp, p-cpe:/a:rocky:linux:perl-compress-raw-lzma, cpe:/o:rocky:linux:8, p-cpe:/a:rocky:linux:perl-ipc-sysv-debugsource, p-cpe:/a:rocky:linux:perl-extutils-parsexs, p-cpe:/a:rocky:linux:perl-sub-install, p-cpe:/a:rocky:linux:perl-file-homedir, p-cpe:/a:rocky:linux:perl-storable, p-cpe:/a:rocky:linux:perl-local-lib, p-cpe:/a:rocky:linux:perl-digest-sha-debugsource, p-cpe:/a:rocky:linux:perl-test-harness, p-cpe:/a:rocky:linux:perl-pathtools-debugsource, p-cpe:/a:rocky:linux:perl-experimental, p-cpe:/a:rocky:linux:perl-extutils-mm-utils, p-cpe:/a:rocky:linux:perl-unicode-collate-debuginfo, p-cpe:/a:rocky:linux:perl-math-bigrat, p-cpe:/a:rocky:linux:perl-socket-debuginfo, p-cpe:/a:rocky:linux:perl-threads-shared, p-cpe:/a:rocky:linux:perl-compress-raw-bzip2-debugsource, p-cpe:/a:rocky:linux:perl-ipc-system-simple, p-cpe:/a:rocky:linux:perl-cpan, p-cpe:/a:rocky:linux:perl-term-table, p-cpe:/a:rocky:linux:perl-unicode-normalize-debugsource, p-cpe:/a:rocky:linux:perl-scalar-list-utils-debugsource, p-cpe:/a:rocky:linux:perl-text-balanced

必要な KB アイテム: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

エクスプロイトの容易さ: No known exploits are available

パッチ公開日: 2026/4/14

脆弱性公開日: 2025/5/30

参照情報

CVE: CVE-2025-40909