nachdem Upgrade von Debian 11 auf 12 habe ich eine Supportdaten-Analyse in Znuny (6.5.4) gestartet und erhielt folgende Meldung:
Perl Module Audit
CPAN::Audit hat berichtet, dass ein oder mehrere installierte Perl-Module bekannte Schwachstellen aufweisen. Bitte beachten Sie, dass es möglicherweise falsche Positivmeldungen für Distributionen gibt, die Perl-Module patchen, ohne ihre Versionsnummer zu ändern.
Per-Module scheinen ok zu sein:Data-UUID (version 1.226) has 1 advisories:
* CPANSA-Data-UUID-2013-4184
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
Affected versions: >1.219
CVEs: CVE-2013-4184
File-Slurp (version 9999.19) has 1 advisories:
* CPANSA-File-Slurp-2013-01
Use of sysread treats any :encoding(...) as effectively :utf8.
Affected versions: <9999.26
Fixed versions: >=9999.26
File-Temp (version 0.2311) has 1 advisories:
* CPANSA-File-Temp-2011-4116
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Affected versions: >0
CVEs: CVE-2011-4116
XML-Simple (version 2.24) has 1 advisories:
* CPANSA-XML-Simple-2018-01
The No. 4 item on the OWASP top 10 is external XML entities. When using XML::Parser, XML::Simple is currently vulnerable by default.
Affected versions: <2.25
Fixed versions: >=2.25
YAML (version 1.23) has 2 advisories:
* CPANSA-YAML-2019-01
Loading globs is easily exploitable.
Affected versions: <1.28
Fixed versions: >=1.28
* CPANSA-YAML-2017-01
YAML loader can run DESTROY method of object created with perl/* tag.
Affected versions: <1.25
Fixed versions: >=1.25
Total 6 advisories found in 5 modules.
im CPAN und r sehe ich auch nichts ähnliches, wo ich die Module updaten könnte.o Apache::DBI......................ok (v1.12)
o Apache2::Reload..................ok (v0.13)
o Archive::Tar.....................ok (v2.40)
o Archive::Zip.....................ok (v1.68)
o Authen::SASL.....................ok (v2.16)
o CPAN::Audit......................ok (v20230309.004)
o Crypt::Eksblowfish::Bcrypt.......ok (v0.009)
o Crypt::JWT.......................ok (v0.034)
o Crypt::OpenSSL::X509.............ok (v1.914)
o CSS::Minifier::XS................ok (v0.13)
o Data::UUID.......................ok (v1.226)
o Date::Format.....................ok (v2.24)
o DateTime.........................ok (v1.59)
o DateTime::TimeZone.............ok (v2.60)
o DBI..............................ok (v1.643)
o DBD::mysql.......................ok (v4.050)
o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg..........................Not installed! (optional - Required to connect to a PostgreSQL database.)
o Digest::SHA......................ok (v6.02)
o Encode::HanExtra.................ok (v0.23)
o Excel::Writer::XLSX..............ok (v0.95)
o Hash::Merge......................ok (v0.302)
o iCal::Parser.....................ok (v1.21)
o IO::Socket::SSL..................ok (v2.081)
o JavaScript::Minifier::XS.........ok (v0.15)
o Jq...............................ok (v0.01)
o JSON::XS.........................ok (v4.03)
o List::Util::XS...................ok (v1.62)
o LWP::UserAgent...................ok (v6.53)
o Mail::IMAPClient.................ok (v3.43)
o IO::Socket::SSL................ok (v2.081)
o Authen::NTLM...................ok (v1.09)
o ModPerl::Util....................ok (v2.000012)
o Moo..............................ok (v2.005005)
o Net::DNS.........................ok (v1.36)
o Net::LDAP........................ok (v0.68)
o Net::LDAP::Constant..............ok (v0.24)
o Net::SMTP........................ok (v3.14)
o Spreadsheet::XLSX................ok (v0.17)
o Template.........................ok (v2.27)
o Template::Stash::XS..............ok (undef)
o Text::Diff::FormattedHTML........ok (v0.08)
o Text::CSV_XS.....................ok (v1.49)
o Time::HiRes......................ok (v1.9770)
o Time::Piece......................ok (v1.3401)
o XML::LibXML......................ok (v2.0134)
o XML::LibXSLT.....................ok (v2.002001)
o XML::Parser......................ok (v2.46)
o YAML::XS.........................ok (v0.86)
Bundled modules:
o Algorithm::Diff..................ok (v1.1903)
o Apache::DBI......................ok (v1.12)
o CGI..............................ok (v4.36)
o CSS::Minifier....................ok (v0.01)
o Class::Inspector.................ok (v1.31)
o Crypt::PasswdMD5.................ok (v1.40)
o Crypt::Random::Source............ok (v0.14)
o Email::Valid.....................ok (v1.202)
o Encode::Locale...................ok (v1.05)
o Exporter::Tiny...................ok (v1.002001)
o IO::Interactive..................ok (v1.022)
o JSON.............................ok (v2.94)
o JSON::PP.........................ok (v2.27203)
o JavaScript::Minifier.............ok (v1.15)
o LWP..............................ok (v6.53)
o Linux::Distribution..............ok (v0.23)
o Locale::Codes....................ok (v3.52)
o MIME::Tools......................ok (v5.509)
o Mail::Address....................ok (v2.18)
o Mail::Internet...................ok (v2.18)
o Math::Random::ISAAC..............ok (v1.004)
o Math::Random::Secure.............ok (v0.080001)
o Module::Find.....................ok (v0.15)
o Module::Refresh..................ok (v0.17)
o Moo..............................ok (v2.005005)
o Mozilla::CA......................ok (v20211001)
o Net::HTTP........................ok (v6.17)
o Net::IMAP::Simple................ok (v1.2209)
o Net::SSLGlue.....................ok (v1.058)
o PDF::API2........................ok (v2.033)
o SOAP::Lite.......................ok (v1.20)
o Sisimai..........................ok (vv4.25.16)
o Sys::Hostname::Long..............ok (v1.5)
o Text::CSV........................ok (v1.95)
o Text::Diff.......................ok (v1.44)
o Types::TypeTiny..................ok (v1.010000)
o URI..............................ok (v1.71)
o YAML.............................ok (v1.23)
o namespace::clean.................ok (v0.27)
o parent...........................ok (v0.236)
Wo kann ich die Module überprüfen und ggf. updaten?