A security vulnerability has been discovered in the Perl scripting language used in IGEL OS. This affects the following IGEL products:
IGEL OS 11
Details
Perl is vulnerable to a stack-based crash that can lead to remote code execution or local privilege escalation (CVE-2022-48522). This is rated as high. Additionally, when a regular expression is compiled by Perl, an attacker could craft an expression that leads to a controlled overflow in a heap allocated buffer (CVE-2023-47038, high).
Update Instructions
OS 11: Update to IGEL OS 11.09.160 when available.