MDVSA-2009:091-1
- Package name
- mod_perl
- Date
- 2009-12-08
- Advisory ID
- MDVSA-2009:091-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
A vulnerability has been found and corrected in mod_perl v1.x and v2.x:
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status
and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP
Server, when /perl-status is accessible, allows remote attackers to
inject arbitrary web script or HTML via the URI (CVE-2009-0796).
The updated packages have been patched to correct these issues.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
e1ba81012a9fe7d7ac6eedb9c7b48d7f 2008.0/i586/apache-mod_perl-2.0.3-7.1mdv2008.0.i586.rpm 8fcbaa175b49bb9bbf0b3ea1ec87bfee 2008.0/i586/apache-mod_perl-devel-2.0.3-7.1mdv2008.0.i586.rpm f3befe203cc83f75e13134687b006c8f 2008.0/SRPMS/apache-mod_perl-2.0.3-7.1mdv2008.0.src.rpm
2008.0 x86_64
7813457a283230d651325b461a737019 2008.0/x86_64/apache-mod_perl-2.0.3-7.1mdv2008.0.x86_64.rpm a4a0a0493d6c5e26d5d4eb1d0e747465 2008.0/x86_64/apache-mod_perl-devel-2.0.3-7.1mdv2008.0.x86_64.rpm f3befe203cc83f75e13134687b006c8f 2008.0/SRPMS/apache-mod_perl-2.0.3-7.1mdv2008.0.src.rpm