lwindolf / lpvs Goto Github PK
View Code? Open in Web Editor NEWLinux Package Vulnerability Scanner
License: GNU General Public License v2.0
lpvs's Introduction
lpvs's People
Contributors
Stargazers
Watchers
lpvs's Issues
fedora URL has changed
I wanted to give it a try today but it seems the url to pull security advisories has changed as the page redirects to something else ?
Thanks
Sequence not recognized in regex
On CentOS 5,
$ ./lpvs-scan.pl
Sequence (?<e...) not recognized in regex; marked by <-- HERE in m/^((?<e <-- HERE poch>\d+):)?(?<upstream>.+)-(?<revision>[^-]+)/ at ./lpvs-scan.pl line 205.
Version info
$ lsb_release -a
LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 5.8 (Final)
Release: 5.8
Codename: Final
$ rpm -qa | grep perl-XML
perl-XML-NamespaceSupport-1.09-1.2.1
perl-XML-LibXML-1.58-6
perl-XML-SAX-0.14-11
perl-XML-Parser-2.34-6.1.2.2.1
perl-XML-LibXSLT-1.58-5.el5
perl-XML-Simple-2.14-4.fc6
perl-XML-LibXML-Common-0.13-8.2.2
$ perl --version | head -n2
This is perl, v5.8.8 built for x86_64-linux-thread-multi
I did some research, and I think the issue is related the Named Capture Buffers syntax, (?<>) introduced in perl >= 5.10.
I'd recommend making this backwards compatible with perl 5.8 or at least advertising perl >= 5.10 as being required.
Note: I've confirmed that this script works on CentOS 6.2 (perl 5.10.1).
lpvs is resporting wrong installed packages version in Ubuntu Utopic Unicorn
As I though it was perl version related I installed perl 5.10.1 with perlbrew but still same effect:
Below it reports as if libgnutls-openssl27 is installed in version 2.12.23-12ubuntu2.1 (which is vulnerable) but I have 3.2.16-1ubuntu2.1 installed instead.
May it be related to Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.?
bash-4.3$ perl lpvs scan
397 Ubuntu packages are installed.
Downloading advisory feed 'http://www.ubuntu.com/usn/rss.xml' ...
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 303.
Use of uninitialized value $version in hash element at ./lpvs-scan.pl line 303.
USN-2432-1: GNU C Library vulnerabilities
USN-2425-1: DBus vulnerability
USN-2411-1: mountall vulnerability
USN-2403-1: GnuTLS vulnerability
-> Vulnerable 'libgnutls-openssl27' version 2.12.23-12ubuntu2.1 installed!
You should update to one the following versions:
3.2.16-1ubuntu2.1
Done.
bash-4.3$ dpkg -l | grep libgnutls
ii libgnutls-deb0-28:amd64 3.2.16-1ubuntu2.1 amd64 GNU TLS library - main runtime library
ii libgnutls-openssl27:amd64 3.2.16-1ubuntu2.1 amd64 GNU TLS library - OpenSSL wrapper
ii libgnutls26:amd64 2.12.23-15ubuntu2 amd64 GNU TLS library - runtime library
bash-4.3$ perl -V
Summary of my perl5 (revision 5 version 10 subversion 1) configuration:
Platform:
osname=linux, osvers=3.13.0-43-generic, archname=x86_64-linux
uname='linux vagrant-base-trusty-amd64 3.13.0-43-generic #72-ubuntu smp mon dec 8 19:35:06 utc 2014 x86_64 x86_64 x86_64 gnulinux '
config_args='-de -Dprefix=/home/vagrant/perl5/perlbrew/perls/perl-5.10.1 -Aeval:scriptdir=/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/bin'
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=define, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2',
cppflags='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
ccversion='', gccversion='4.9.1', gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
libpth=/usr/local/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/lib
libs=-lnsl -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=libc-2.19.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.19'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector'
Characteristics of this binary (from libperl):
Compile-time options: PERL_DONT_CREATE_GVSV PERL_MALLOC_WRAP USE_64_BIT_ALL
USE_64_BIT_INT USE_LARGE_FILES USE_PERLIO
Built under linux
Compiled at Dec 15 2014 21:52:19
%ENV:
PERLBREW_MANPATH="/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/man"
PERLBREW_PATH="/home/vagrant/perl5/perlbrew/bin:/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/bin"
PERLBREW_PERL="perl-5.10.1"
PERLBREW_ROOT="/home/vagrant/perl5/perlbrew"
PERLBREW_SKIP_INIT="1"
PERLBREW_VERSION="0.67"
@INC:
/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/5.10.1/x86_64-linux
/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/5.10.1
/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/site_perl/5.10.1/x86_64-linux
/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/site_perl/5.10.1
.When I run with default perl from Utopic, the result is the same:
vagrant@vagrant-base-trusty-amd64:/vagrant$ perl lpvs scan
397 Ubuntu packages are installed.
Downloading advisory feed 'http://www.ubuntu.com/usn/rss.xml' ...
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 303.
Use of uninitialized value $version in hash element at ./lpvs-scan.pl line 303.
USN-2432-1: GNU C Library vulnerabilities
USN-2425-1: DBus vulnerability
USN-2411-1: mountall vulnerability
USN-2403-1: GnuTLS vulnerability
-> Vulnerable 'libgnutls-openssl27' version 2.12.23-12ubuntu2.1 installed!
You should update to one the following versions:
3.2.16-1ubuntu2.1
Done.vagrant@vagrant-base-trusty-amd64:/vagrant$ perl -V
Summary of my perl5 (revision 5 version 20 subversion 1)...
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.