
lpvs is reporting wrong installed packages version in Ubuntu Utopic Unicorn

Open alinefr opened this issue 11 years ago • 0 comments

As I thought it was Perl version related, I installed Perl 5.10.1 with perlbrew, but still the same effect:

Below it reports as if libgnutls-openssl27 is installed in version 2.12.23-12ubuntu2.1 (which is vulnerable) but I have 3.2.16-1ubuntu2.1 installed instead.

Could it be related to "Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302."?

bash-4.3$ perl lpvs scan
397 Ubuntu packages are installed.
Downloading advisory feed 'http://www.ubuntu.com/usn/rss.xml' ...
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 303.
Use of uninitialized value $version in hash element at ./lpvs-scan.pl line 303.
USN-2432-1: GNU C Library vulnerabilities
USN-2425-1: DBus vulnerability
USN-2411-1: mountall vulnerability
USN-2403-1: GnuTLS vulnerability
   -> Vulnerable 'libgnutls-openssl27' version 2.12.23-12ubuntu2.1 installed!

      You should update to one the following versions:

         3.2.16-1ubuntu2.1

Done.
bash-4.3$ dpkg -l | grep libgnutls
ii  libgnutls-deb0-28:amd64      3.2.16-1ubuntu2.1            amd64        GNU TLS library - main runtime library
ii  libgnutls-openssl27:amd64    3.2.16-1ubuntu2.1            amd64        GNU TLS library - OpenSSL wrapper
ii  libgnutls26:amd64            2.12.23-15ubuntu2            amd64        GNU TLS library - runtime library
bash-4.3$ perl -V
Summary of my perl5 (revision 5 version 10 subversion 1) configuration:

  Platform:
    osname=linux, osvers=3.13.0-43-generic, archname=x86_64-linux
    uname='linux vagrant-base-trusty-amd64 3.13.0-43-generic #72-ubuntu smp mon dec 8 19:35:06 utc 2014 x86_64 x86_64 x86_64 gnulinux '
    config_args='-de -Dprefix=/home/vagrant/perl5/perlbrew/perls/perl-5.10.1 -Aeval:scriptdir=/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/bin'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.9.1', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/lib
    libs=-lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.19.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.19'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector'


Characteristics of this binary (from libperl):
  Compile-time options: PERL_DONT_CREATE_GVSV PERL_MALLOC_WRAP USE_64_BIT_ALL
                        USE_64_BIT_INT USE_LARGE_FILES USE_PERLIO
  Built under linux
  Compiled at Dec 15 2014 21:52:19
  %ENV:
    PERLBREW_MANPATH="/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/man"
    PERLBREW_PATH="/home/vagrant/perl5/perlbrew/bin:/home/vagrant/perl5/perlbrew/perls/perl-5.10.1/bin"
    PERLBREW_PERL="perl-5.10.1"
    PERLBREW_ROOT="/home/vagrant/perl5/perlbrew"
    PERLBREW_SKIP_INIT="1"
    PERLBREW_VERSION="0.67"
  @INC:
    /home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/5.10.1/x86_64-linux
    /home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/5.10.1
    /home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/site_perl/5.10.1/x86_64-linux
    /home/vagrant/perl5/perlbrew/perls/perl-5.10.1/lib/site_perl/5.10.1
    .

When I run with default perl from Utopic, the result is the same:

vagrant@vagrant-base-trusty-amd64:/vagrant$ perl lpvs scan
397 Ubuntu packages are installed.
Downloading advisory feed 'http://www.ubuntu.com/usn/rss.xml' ...
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 302.
Use of uninitialized value $package in hash element at ./lpvs-scan.pl line 303.
Use of uninitialized value $version in hash element at ./lpvs-scan.pl line 303.
USN-2432-1: GNU C Library vulnerabilities
USN-2425-1: DBus vulnerability
USN-2411-1: mountall vulnerability
USN-2403-1: GnuTLS vulnerability
   -> Vulnerable 'libgnutls-openssl27' version 2.12.23-12ubuntu2.1 installed!

      You should update to one the following versions:

         3.2.16-1ubuntu2.1

Done.
vagrant@vagrant-base-trusty-amd64:/vagrant$ perl -V
Summary of my perl5 (revision 5 version 20 subversion 1)...

alinefr, Dec 15 '14 22:12
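
A scanner finding like the one reported above can be cross-checked against the package database before it is acted on. The following is an added example, not part of the issue and not lpvs code; the function names `sample_dpkg_l`, `installed_version` and `check_claim` are made up here, and the sample input is the `dpkg -l` output quoted in the issue plus one constructed line.

```shell
# Constructed sample: the three `dpkg -l` lines quoted in the issue, plus one
# removed-but-configured ("rc") line added here to exercise the state filter.
sample_dpkg_l() {
cat <<'EOF'
ii  libgnutls-deb0-28:amd64      3.2.16-1ubuntu2.1            amd64        GNU TLS library - main runtime library
ii  libgnutls-openssl27:amd64    3.2.16-1ubuntu2.1            amd64        GNU TLS library - OpenSSL wrapper
ii  libgnutls26:amd64            2.12.23-15ubuntu2            amd64        GNU TLS library - runtime library
rc  libexample0:amd64            1.0-1                        amd64        constructed entry, removed package
EOF
}

# installed_version PKG: read `dpkg -l` text on stdin and print the version of
# PKG if it is fully installed (state "ii"). Exit status 1 if it is not.
installed_version() {
    awk -v want="$1" '
        $1 == "ii" {
            name = $2
            sub(/:[^:]*$/, "", name)   # drop a multiarch qualifier such as ":amd64"
            if (name == want) { print $3; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# check_claim PKG CLAIMED: compare the version a scanner claims is installed
# with the one in the package list. Prints CONFIRMED, MISMATCH or NOT-INSTALLED.
check_claim() {
    actual=$(sample_dpkg_l | installed_version "$1") || { echo "NOT-INSTALLED"; return 0; }
    if [ "$actual" = "$2" ]; then
        echo "CONFIRMED $1 $actual"
    else
        echo "MISMATCH $1 claimed=$2 installed=$actual"
    fi
}

# The claim from the scan output in the issue.
check_claim libgnutls-openssl27 2.12.23-12ubuntu2.1
```

On a live system, pipe `dpkg -l` into `installed_version` instead of the embedded sample.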