Package name
perl-libwww-perl
Date
2010-08-31
Advisory ID
MDVSA-2010:167
Affected versions
2009.0 x86_64, MES5 i586, 2010.1 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.1 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in perl-libwww-perl:

lwp-download in libwww-perl before 5.835 does not reject downloads to
filenames that begin with a . (dot) character, which allows remote
servers to create or overwrite files via (1) a 3xx redirect to a
URL with a crafted filename or (2) a Content-Disposition header
that suggests a crafted filename, and possibly execute arbitrary
code as a consequence of writing to a dotfile in a home directory
(CVE-2010-2253).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
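
The check whose absence is described above, as an added example (not code from libwww-perl or from this advisory): a download client derives the local filename from the post-redirect URL or the Content-Disposition header and refuses names that start with a dot, carry directory components, or contain unusual characters. The helper name safe_download_name and all sample URLs and header values are constructed for illustration, and only the plain filename= parameter is parsed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pick a local filename from server-controlled input, or return undef
# if nothing safe can be derived. safe_download_name() is a hypothetical
# helper written for this example; it is not libwww-perl code.
sub safe_download_name {
    my ($final_url, $content_disposition) = @_;
    my $name;

    # (2) Content-Disposition: filename=... is chosen by the server
    if (defined $content_disposition
        && $content_disposition =~ /\bfilename\s*=\s*(?:"([^"]*)"|([^;\s]+))/i) {
        $name = defined $1 ? $1 : $2;
    }

    # (1) Otherwise use the last path segment of the URL *after* redirects
    if (!defined $name || !length $name) {
        (my $path = $final_url) =~ s/[?#].*//s;          # drop query/fragment
        $path =~ s{^[a-z][a-z0-9+.\-]*://[^/]*}{}i;      # drop scheme and host
        ($name) = $path =~ m{([^/]*)\z};
        $name =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;    # decode %2e, %2f, ...
    }

    # Keep only the basename: no directory components from either source
    $name =~ s{.*[/\\]}{}s;

    return unless length $name;
    return if $name =~ /^\./;                    # dotfile, "." or ".."
    return if $name =~ /[^A-Za-z0-9_.+~\-]/;     # anything outside a small allowlist
    return $name;
}

# Constructed sample inputs: [final URL, Content-Disposition value]
my @cases = (
    ['http://example.test/pub/tool-1.0.tar.gz',    undef],
    ['http://example.test/get?id=7',               'attachment; filename="report.pdf"'],
    ['http://example.test/files/.dotfile',         undef],
    ['http://example.test/get',                    'attachment; filename=".dotfile"'],
    ['http://example.test/get',                    'attachment; filename="../../.hidden/file"'],
    ['http://example.test/files/%2edotfile',       undef],
);

for my $c (@cases) {
    my $name = safe_download_name(@$c);
    printf "%-42s %s\n", $c->[0], defined $name ? "save as $name" : 'REFUSED';
}
```

When the helper refuses a name, the caller should require an explicit output filename from the user rather than fall back to another server-supplied value.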

Updated packages

References