MDKSA-2003:084

Package name

perl-CGI

Date

2003-08-20

Advisory ID

MDKSA-2003:084

Affected versions

9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , MNF8.2 i586 , 9.1 i586 , 8.2 i586

Problem description

Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site.

Updated packages

9.1 i586

 edbef67588070e8b64cc067bc38df59f  9.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  9.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

CS2.1 x86_64

 ae71f34a21a149948e1f28263cb38a09  x86_64/corporate/2.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  x86_64/corporate/2.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

CS2.1 i586

 ba7ff50de983c694a0de5a18686defb0  corporate/2.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  corporate/2.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

9.0 i586

 ba7ff50de983c694a0de5a18686defb0  9.0/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  9.0/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

8.2 i586

 287cfec9115ac5395cef982b054d6e0f  8.2/RPMS/perl-CGI-3.00-0.1mdk.noarch.rpm
f30e0a5c1424e2ba6015991bbf4a8760  8.2/SRPMS/perl-CGI-3.00-0.1mdk.src.rpm

MNF8.2 i586

 287cfec9115ac5395cef982b054d6e0f  mnf8.2/RPMS/perl-CGI-3.00-0.1mdk.noarch.rpm
f30e0a5c1424e2ba6015991bbf4a8760  mnf8.2/SRPMS/perl-CGI-3.00-0.1mdk.src.rpm

9.1 i586

 ac48b149899c0ec2dfe3b7eade985253  ppc/9.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  ppc/9.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

8.2 i586

 0099608448f3ad7074daae3ccb48f4fe  ppc/8.2/RPMS/perl-CGI-3.00-0.1mdk.noarch.rpm
f30e0a5c1424e2ba6015991bbf4a8760  ppc/8.2/SRPMS/perl-CGI-3.00-0.1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615
• http://eyeonsecurity.org/advisories/CGI.pm/adv.html