| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Nov 2010 18:48:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2010:237 ] perl-CGI -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:237 http://www.mandriva.com/security/ _______________________________________________________________________ Package : perl-CGI Date : November 16, 2010 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A new version of the CGI Perl module has been released to CPAN, which fixes several security bugs which directly affect Bugzilla (these two security bugs where first discovered as affecting Bugzilla, then identified as being bugs in CGI.pm itself). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to perl-CGI 3.50 to solve these security issues. _______________________________________________________________________ References: http://www.bugzilla.org/security/3.2.8/ http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 54cece3ad5ca0d9a605acb06b4712dbe 2009.0/i586/perl-CGI-3.50-0.1mdv2009.0.noarch.rpm b1973045ea14cf9a8b1dc83ac8a4fde6 2009.0/i586/perl-CGI-Fast-3.50-0.1mdv2009.0.noarch.rpm 62127170b0a14878ce3abbe005cab32a 2009.0/SRPMS/perl-CGI-3.50-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 2037517b54e8d66f0723def93e517a98 2009.0/x86_64/perl-CGI-3.50-0.1mdv2009.0.noarch.rpm 6d973b61b591423cc5a6cefc45e79246 2009.0/x86_64/perl-CGI-Fast-3.50-0.1mdv2009.0.noarch.rpm 62127170b0a14878ce3abbe005cab32a 2009.0/SRPMS/perl-CGI-3.50-0.1mdv2009.0.src.rpm Mandriva Linux 2010.0: 9ce05f7633402cb6a4034c6904b2b1c8 2010.0/i586/perl-CGI-3.500.0-0.1mdv2010.0.noarch.rpm 89d297ceeceaec673712990953d69c55 2010.0/i586/perl-CGI-Fast-3.500.0-0.1mdv2010.0.noarch.rpm cf30d84a555bb43eec281632224fdebc 2010.0/SRPMS/perl-CGI-3.500.0-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 49ed79c77ef68d48764265f25e628720 2010.0/x86_64/perl-CGI-3.500.0-0.1mdv2010.0.noarch.rpm df6034c9f43698c09e2c39b7f74b97c7 2010.0/x86_64/perl-CGI-Fast-3.500.0-0.1mdv2010.0.noarch.rpm cf30d84a555bb43eec281632224fdebc 2010.0/SRPMS/perl-CGI-3.500.0-0.1mdv2010.0.src.rpm Mandriva Linux 2010.1: aa106446efb83bb806133032ee27d8ed 2010.1/i586/perl-CGI-3.500.0-0.1mdv2010.1.noarch.rpm 1cfde3769b9b04fc9c80eac20c8d52db 2010.1/i586/perl-CGI-Fast-3.500.0-0.1mdv2010.1.noarch.rpm 687a844f7fc927d1c00c963d4339b2fe 2010.1/SRPMS/perl-CGI-3.500.0-0.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: b12af6b51121538c51243fd9dcd24262 2010.1/x86_64/perl-CGI-3.500.0-0.1mdv2010.1.noarch.rpm 8638143729dea17fc546677d1e9ebae0 2010.1/x86_64/perl-CGI-Fast-3.500.0-0.1mdv2010.1.noarch.rpm 687a844f7fc927d1c00c963d4339b2fe 2010.1/SRPMS/perl-CGI-3.500.0-0.1mdv2010.1.src.rpm Corporate 4.0: 56b0deb154ab35a724a8b7d3f6c95fac corporate/4.0/i586/perl-CGI-3.50-0.1.20060mlcs4.noarch.rpm ff3f4ac61aa4586b956d328a923cc179 corporate/4.0/i586/perl-CGI-Fast-3.50-0.1.20060mlcs4.noarch.rpm ba49f7da52a13223ac83910dd849f794 corporate/4.0/SRPMS/perl-CGI-3.50-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 50945ecb0af6e4a8c60a8440f75603ee corporate/4.0/x86_64/perl-CGI-3.50-0.1.20060mlcs4.noarch.rpm 0c778aebfef45e4387b43b83769e61a3 corporate/4.0/x86_64/perl-CGI-Fast-3.50-0.1.20060mlcs4.noarch.rpm ba49f7da52a13223ac83910dd849f794 corporate/4.0/SRPMS/perl-CGI-3.50-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: a2a125c0033735e3ca343f2fae5fa963 mes5/i586/perl-CGI-3.50-0.1mdvmes5.1.noarch.rpm 83befd3d04dbb1cbfe7f2cc80ac2ab68 mes5/i586/perl-CGI-Fast-3.50-0.1mdvmes5.1.noarch.rpm 68570870b628412f0c5597b5dca0dc7c mes5/SRPMS/perl-CGI-3.50-0.1mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: b3529e11d2034fc58fa661824d89bda0 mes5/x86_64/perl-CGI-3.50-0.1mdvmes5.1.noarch.rpm 31b335a4ff312e234cf74775d0025826 mes5/x86_64/perl-CGI-Fast-3.50-0.1mdvmes5.1.noarch.rpm 68570870b628412f0c5597b5dca0dc7c mes5/SRPMS/perl-CGI-3.50-0.1mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM4pNpmqjQ0CJFipgRAmtrAKCTIC+iX+1dOrrpyEyhICQgIsUlSgCglsGg +63HCTLteKPvspFlPbqx2Lk= =RIbC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists