| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1TkcNJ-00089j-5L@titan.mandriva.com> Date: Mon, 17 Dec 2012 16:13:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2012:180 ] perl-CGI -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:180 http://www.mandriva.com/security/ _______________________________________________________________________ Package : perl-CGI Date : December 17, 2012 Affected: 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in perl-CGI: CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm (CVE-2012-5526). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526 _______________________________________________________________________ Updated Packages: Mandriva Linux 2011: 50cf86029ab55cafdf1dd097fe1460a8 2011/i586/perl-CGI-3.530.0-1.1-mdv2011.0.noarch.rpm 1434cb67b81527de2bcd1b58372467bb 2011/i586/perl-CGI-Fast-3.530.0-1.1-mdv2011.0.noarch.rpm 1567128bd2cc583cac6a794470cf3770 2011/SRPMS/perl-CGI-3.530.0-1.1.src.rpm Mandriva Linux 2011/X86_64: 0100f923c13c18560a14ef3e9fa8f3c8 2011/x86_64/perl-CGI-3.530.0-1.1-mdv2011.0.noarch.rpm bcce1db379d664a30f1085bde2db72e5 2011/x86_64/perl-CGI-Fast-3.530.0-1.1-mdv2011.0.noarch.rpm 1567128bd2cc583cac6a794470cf3770 2011/SRPMS/perl-CGI-3.530.0-1.1.src.rpm Mandriva Enterprise Server 5: a6bd38e4026b761ea997b42cc18d9029 mes5/i586/perl-CGI-3.51-0.2mdvmes5.2.noarch.rpm b8e3c4744defe3fa9a16c905c7f913f1 mes5/i586/perl-CGI-Fast-3.51-0.2mdvmes5.2.noarch.rpm 1e39d250391ff10be35989efaff40d7d mes5/SRPMS/perl-CGI-3.51-0.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 33edeefe1e2c87b6de23ef34be0923ec mes5/x86_64/perl-CGI-3.51-0.2mdvmes5.2.noarch.rpm 4ddf1030bcf2e335a91e067773761648 mes5/x86_64/perl-CGI-Fast-3.51-0.2mdvmes5.2.noarch.rpm 1e39d250391ff10be35989efaff40d7d mes5/SRPMS/perl-CGI-3.51-0.2mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQzwmNmqjQ0CJFipgRAiGkAJ0Zxnuk3Y6QmIt6LA4guv6RgrSccgCfWsgH uLtZthzKc44HNbQFQfY8fqE= =THJs -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists