Paketname
perl-CGI-Simple
Datum
2010-12-09
Advisory ID
MDVSA-2010:250
Betroffene Versionen
CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64

Problembeschreibung

A vulnerability was discovered and corrected in perl-CGI-Simple:

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm
in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME
boundary string in multipart/x-mixed-replace content, which allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via crafted input that contains this value,
a different vulnerability than CVE-2010-3172 (CVE-2010-2761).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

CS4.0 x86_64

 5231722e821a5478827e17293dd0836b  corporate/4.0/x86_64/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm 
 e37ee0869e2fd9f4e875354edca20c6f  corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm

MES5 i586

 04f4b7381ba21a1ba14845a06b680fb1  mes5/i586/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm 
 15d6dc30e4dbf78a7371c1715386f552  mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm

CS4.0 i586

 b2e5ffba685cf732133e42fe1b82791d  corporate/4.0/i586/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm 
 e37ee0869e2fd9f4e875354edca20c6f  corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm

MES5 x86_64

 bf81ab1b1798bb141b74c6f8e6d59630  mes5/x86_64/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm 
 15d6dc30e4dbf78a7371c1715386f552  mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm

Referenzen