Delay/freeze when creating new statistic ticketlist

apolloit
Znuny newbie
Posts: 36
Joined: 01 Jun 2015, 10:17
Znuny Version: 6.0.28
Real Name: Michael James

Delay/freeze when creating new statistic ticketlist

Post by apolloit »

Hello All,

I asked this on the other forum, but had no replies - so hope it's ok to ask here.

It takes a long delay to create a new statistic of type "ticketlist".

Does anyone know how I would chase this issue down please? Nothing of note in the messages log, and the system is fast in every other way.

It must have developed recently, as I don't recall having this problem before. I cannot think of a single change I've made to the system to cause this.

Thank you,

Michael
zzz
Znuny superhero
Posts: 890
Joined: 15 Dec 2016, 15:13
Znuny Version: All
Real Name: Emin
Company: Efflux GmbH

Re: Delay/freeze when creating new statistic ticketlist

Post by zzz »

Hello Michael,

It's hard to remotely help with these kinds of problems.
You either manually debug the code and try to figure out what's causing the slowness or you use a profiler like Devel::NYTProf.

But both ways will force you to dig into Perl/the code.

Best regards
Emin
apolloit
Znuny newbie
Posts: 36
Joined: 01 Jun 2015, 10:17
Znuny Version: 6.0.28
Real Name: Michael James

Re: Delay/freeze when creating new statistic ticketlist

Post by apolloit »

Thanks Emin,

I might struggle with these as I'm not a Perl programmer by any stretch.

However I'm happy to share my screen with someone and pay for their time, if that's appropriate? :)

I can even set up a cloned environment that we can test/trash?

Many thanks indeed,

Michael
apolloit
Znuny newbie
Posts: 36
Joined: 01 Jun 2015, 10:17
Znuny Version: 6.0.28
Real Name: Michael James

Re: Delay/freeze when creating new statistic ticketlist

Post by apolloit »

And with regard to Perl - I can report the following from the support data collector. This was the only part in orange :)

I remember having issues updating the perl modules with yum during the v4-v5-v6 upgrade processes... It would report updating them, but basically report the same version upon checking.

Any help appreciated... I read up on cpan, and it looks like it could land me in deep trouble :)

Code:

Collecting all installed modules. This can take a while...
Archive-Tar (requires 1.92) has 1 advisories
  * CPANSA-Archive-Tar-2018-01
    In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

    Affected range: <2.28

    CVEs: CVE-2018-12015

    References:
    https://security-tracker.debian.org/tracker/CVE-2018-12015
    https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5

Archive-Zip (requires 1.30) has 1 advisories
  * CPANSA-Archive-Zip-2018-01
    perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

    Affected range: <1.61

    CVEs: CVE-2018-10860

    References:
    https://security-tracker.debian.org/tracker/CVE-2018-10860
    https://github.com/redhotpenguin/perl-Archive-Zip/pull/33

Compress-Raw-Zlib (requires 2.061) has 1 advisories
  * CPANSA-Compress-Raw-Zlib-2017-01
    Zlib vulnerabilities.

    Affected range: <2.075
    Fixed range: >=2.075

    CVEs: CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842

    References:
    https://metacpan.org/changes/distribution/Compress-Raw-Zlib

DBI (requires 1.627) has 1 advisories
  * CPANSA-DBI-2014-01
    DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.

    Affected range: <1.632
    Fixed range: >=1.632

    References:
    https://metacpan.org/changes/distribution/DBI
    https://rt.cpan.org/Public/Bug/Display.html?id=99508

Data-Dumper (requires 2.145) has 1 advisories
  * CPANSA-Data-Dumper-2014-01
    Infinite recursion.

    Affected range: <2.154
    Fixed range: >=2.154

    CVEs: CVE-2014-4330

    References:
    https://metacpan.org/changes/distribution/Data-Dumper

Encode (requires 2.51) has 1 advisories
  * CPANSA-Encode-2016-01
    Loading optional modules from . (current directory).

    Affected range: <2.85
    Fixed range: >=2.85

    CVEs: CVE-2016-1238

    References:
    https://metacpan.org/changes/distribution/Encode
    https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6

ExtUtils-MakeMaker (requires 6.68) has 1 advisories
  * CPANSA-ExtUtils-MakeMaker-2016-01
    Loading modules from . (current directory).

    Affected range: <7.22
    Fixed range: >=7.22

    CVEs: CVE-2016-1238

    References:
    https://metacpan.org/changes/distribution/ExtUtils-MakeMaker
    https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/commit/3e9df17d11c40f2561c23ec79693c8c390e0ae88

File-Path (requires 2.09) has 1 advisories
  * CPANSA-File-Path-2017-01
    Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

    Affected range: <2.13
    Fixed range: >=2.13

    CVEs: CVE-2017-6512

    References:
    https://metacpan.org/changes/distribution/File-Path
    https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2

HTTP-Tiny (requires 0.033) has 1 advisories
  * CPANSA-HTTP-Tiny-2016-01
    Loading modules from . (current directory).

    Affected range: <0.059
    Fixed range: >=0.059

    CVEs: CVE-2016-1238

    References:
    https://metacpan.org/changes/distribution/HTTP-Tiny
    https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444

PathTools (requires 3.40) has 2 advisories
  * CPANSA-PathTools-2016-02
    Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

    Affected range: <3.65
    Fixed range: >=3.65

    CVEs: CVE-2016-1238

    References:
    https://metacpan.org/changes/distribution/PathTools

  * CPANSA-PathTools-2016-01
    Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

    Affected range: <3.62
    Fixed range: >=3.62

    CVEs: CVE-2015-8607

    References:
    https://metacpan.org/changes/distribution/PathTools

Storable (requires 2.45) has 1 advisories
  * CPANSA-Storable-2017-01
    Malcrafted storable files or buffers.

    Affected range: <3.05
    Fixed range: >=3.05

    References:
    https://metacpan.org/changes/distribution/Storable
    https://cxsecurity.com/issue/WLB-2007120031

XML-LibXML (requires 2.0018) has 1 advisories
  * CPANSA-XML-LibXML-2015-01
    The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

    Affected range: <2.0120
    Fixed range: >=2.0120

    CVEs: CVE-2015-3451

    References:
    https://metacpan.org/changes/distribution/XML-LibXML

Total advisories found: 13
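
For triage of a report like the one pasted above, the following added example (not part of the original post, and not Znuny or CPAN tooling) parses the text into a per-distribution list of the first version that clears every listed advisory. It assumes the version in parentheses after "requires" is the version that was checked; the names `parse_report` and `upgrade_plan` are hypothetical.

```python
import re
from decimal import Decimal

# Constructed sample: two entries shortened from the report in the post above.
SAMPLE_REPORT = """\
Archive-Tar (requires 1.92) has 1 advisories
  * CPANSA-Archive-Tar-2018-01
    Affected range: <2.28
    CVEs: CVE-2018-12015

PathTools (requires 3.40) has 2 advisories
  * CPANSA-PathTools-2016-02
    Affected range: <3.65
    Fixed range: >=3.65
    CVEs: CVE-2016-1238
  * CPANSA-PathTools-2016-01
    Affected range: <3.62
    Fixed range: >=3.62
    CVEs: CVE-2015-8607
"""

DIST_RE = re.compile(r"^(\S+) \(requires ([\d.]+)\) has \d+ advisor")
ADV_RE = re.compile(r"^\s*\* (CPANSA-\S+)")
# Assumption: ranges are a single "<X" or ">=X" bound with a decimal version, as in the report.
RANGE_RE = re.compile(r"^\s*(?:Affected|Fixed) range: (?:<|>=)(\d+\.\d+)\s*$")

def parse_report(text):
    """Map each distribution to its checked version, advisory ids, CVEs and first safe version."""
    dists, cur = {}, None
    for line in text.splitlines():
        if m := DIST_RE.match(line):
            cur = dists[m[1]] = {"checked": m[2], "advisories": [], "cves": set(), "min_safe": None}
        elif cur is None:
            continue
        elif m := ADV_RE.match(line):
            cur["advisories"].append(m[1])
        elif m := RANGE_RE.match(line):
            # "<X" (affected) and ">=X" (fixed) both name X as the first unaffected version.
            if cur["min_safe"] is None or Decimal(m[1]) > Decimal(cur["min_safe"]):
                cur["min_safe"] = m[1]
        elif line.strip().startswith("CVEs:"):
            cur["cves"].update(re.findall(r"CVE-\d{4}-\d+", line))
    return dists

def upgrade_plan(text):
    """Return (dist, checked, min_safe) for distributions still below their first safe version."""
    report = parse_report(text)
    return sorted((d, i["checked"], i["min_safe"]) for d, i in report.items()
                  if i["min_safe"] and Decimal(i["checked"]) < Decimal(i["min_safe"]))
```

A version-range match cannot see fixes that a distribution backports into a package without changing its upstream version number, so treat the plan as a triage list to verify against the vendor's package changelog.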