MDVSA-2010:167
- Package name
- perl-libwww-perl
- Date
- 2010-08-31
- Advisory ID
- MDVSA-2010:167
- Affected versions
- 2009.0 x86_64, MES5 i586, 2010.1 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.0 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.1 x86_64, MES5 x86_64, 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in perl-libwww-perl:
lwp-download in libwww-perl before 5.835 does not reject downloads to
filenames that begin with a . (dot) character, which allows remote
servers to create or overwrite files via (1) a 3xx redirect to a
URL with a crafted filename or (2) a Content-Disposition header
that suggests a crafted filename, and possibly execute arbitrary
code as a consequence of writing to a dotfile in a home directory
(CVE-2010-2253).
Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
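The check that was missing, shown as an added example (this is not code from libwww-perl or from the Mandriva patch): a Python function that picks the local filename for a download from the two server-controlled sources named above, the URL reached after redirects and the Content-Disposition header, and refuses names that begin with a dot. The names `safe_local_name` and `UnsafeFilename` and the `example.test` URLs are assumptions made for illustration.

```python
from email.message import Message
from urllib.parse import unquote, urlsplit


class UnsafeFilename(ValueError):
    """Raised when a server-influenced name must not be written to disk."""


def _candidate(final_url, content_disposition):
    """Return the raw name the server is suggesting, header first."""
    if content_disposition:
        msg = Message()
        msg["Content-Disposition"] = content_disposition
        name = msg.get_filename()
        if name:
            return name
    # Fall back to the last path segment of the URL *after* redirects,
    # percent-decoded so that "%2E" cannot hide a leading dot.
    return unquote(urlsplit(final_url).path.rsplit("/", 1)[-1])


def safe_local_name(final_url, content_disposition=None):
    """Return a filename safe to create in the current directory, or raise."""
    raw = _candidate(final_url, content_disposition)
    # Keep only the final component; treat backslash as a separator too.
    name = raw.replace("\\", "/").rsplit("/", 1)[-1]
    if not name:
        raise UnsafeFilename("no usable filename")
    if name.startswith("."):
        raise UnsafeFilename(f"refusing dotfile name: {name!r}")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise UnsafeFilename("control character in filename")
    return name


if __name__ == "__main__":
    # Constructed inputs: (URL after redirects, Content-Disposition or None).
    for url, cd in [
        ("http://example.test/pub/tool-1.0.tar.gz", None),
        ("http://example.test/x/.bashrc", None),
        ("http://example.test/get", 'attachment; filename=".profile"'),
    ]:
        try:
            print("ok  ", safe_local_name(url, cd))
        except UnsafeFilename as exc:
            print("deny", exc)
```

The check runs on the final name after percent-decoding and after stripping any directory part, so a dotfile cannot be hidden behind an encoded dot or a leading path.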
Updated packages
2009.0 x86_64
2ee77cc793060c901028a50e9e4bb1c3 2009.0/x86_64/perl-libwww-perl-5.814-2.1mdv2009.0.noarch.rpm dad05da789801ebbd3439b743cde18bb 2009.0/SRPMS/perl-libwww-perl-5.814-2.1mdv2009.0.src.rpm
MES5 i586
6baff2d35be959b597d8d74654626e70 mes5/i586/perl-libwww-perl-5.814-2.1mdvmes5.1.noarch.rpm e50b3e6c5f89aa0309cbdf27e39f335e mes5/SRPMS/perl-libwww-perl-5.814-2.1mdvmes5.1.src.rpm
2010.1 i586
ec0d990eeeaf20968899e20b79ed6864 2010.1/i586/perl-libwww-perl-5.834.0-1.1mdv2010.1.noarch.rpm f4f7832e481d61d2850ddcc4c9182589 2010.1/SRPMS/perl-libwww-perl-5.834.0-1.1mdv2010.1.src.rpm
2010.0 x86_64
3937dc8b11ee88d19dda2934e35cdc11 2010.0/x86_64/perl-libwww-perl-5.832.0-1.1mdv2010.0.noarch.rpm f0a29fd25aeea8046658aba6a25af0e1 2010.0/SRPMS/perl-libwww-perl-5.832.0-1.1mdv2010.0.src.rpm
2010.0 i586
4a2bea6bf8fe36033a1eb2cddefd00d0 2010.0/i586/perl-libwww-perl-5.832.0-1.1mdv2010.0.noarch.rpm f0a29fd25aeea8046658aba6a25af0e1 2010.0/SRPMS/perl-libwww-perl-5.832.0-1.1mdv2010.0.src.rpm
2009.1 i586
9c2e22922cfa40c6c6c8d0d082ea519c 2009.1/i586/perl-libwww-perl-5.825-1.1mdv2009.1.noarch.rpm 735ea6da636354d6a968d0e9ffc9e6ea 2009.1/SRPMS/perl-libwww-perl-5.825-1.1mdv2009.1.src.rpm
2009.0 i586
22c5170f3d9a1eb3a339aaefe380e426 2009.0/i586/perl-libwww-perl-5.814-2.1mdv2009.0.noarch.rpm dad05da789801ebbd3439b743cde18bb 2009.0/SRPMS/perl-libwww-perl-5.814-2.1mdv2009.0.src.rpm
CS4.0 i586
a7379df4aa16235cc17c196376833a4b corporate/4.0/i586/perl-libwww-perl-5.805-2.1.20060mlcs4.noarch.rpm b9a7b0dba8d66ab52ea1a524d75066d1 corporate/4.0/SRPMS/perl-libwww-perl-5.805-2.1.20060mlcs4.src.rpm
2008.0 x86_64
6303498f403be5a428c71c6f36b78aeb 2008.0/x86_64/perl-libwww-perl-5.808-1.1mdv2008.0.noarch.rpm e6f59be4324272eab54259cb28af54b3 2008.0/SRPMS/perl-libwww-perl-5.808-1.1mdv2008.0.src.rpm
CS4.0 x86_64
e9cb360bccd55a54007f4e3b5c14c6f9 corporate/4.0/x86_64/perl-libwww-perl-5.805-2.1.20060mlcs4.noarch.rpm b9a7b0dba8d66ab52ea1a524d75066d1 corporate/4.0/SRPMS/perl-libwww-perl-5.805-2.1.20060mlcs4.src.rpm
2008.0 i586
eb58e07ee5e9524b4e57452a643dbf71 2008.0/i586/perl-libwww-perl-5.808-1.1mdv2008.0.noarch.rpm e6f59be4324272eab54259cb28af54b3 2008.0/SRPMS/perl-libwww-perl-5.808-1.1mdv2008.0.src.rpm
2009.1 x86_64
0766b91c7129d7602a0cb335880860c8 2009.1/x86_64/perl-libwww-perl-5.825-1.1mdv2009.1.noarch.rpm 735ea6da636354d6a968d0e9ffc9e6ea 2009.1/SRPMS/perl-libwww-perl-5.825-1.1mdv2009.1.src.rpm
MES5 x86_64
c60c8f26245abd71bfa80d5d1a967aab mes5/x86_64/perl-libwww-perl-5.814-2.1mdvmes5.1.noarch.rpm e50b3e6c5f89aa0309cbdf27e39f335e mes5/SRPMS/perl-libwww-perl-5.814-2.1mdvmes5.1.src.rpm
2010.1 x86_64
5c5fc935dbca230889195aa8faf28116 2010.1/x86_64/perl-libwww-perl-5.834.0-1.1mdv2010.1.noarch.rpm f4f7832e481d61d2850ddcc4c9182589 2010.1/SRPMS/perl-libwww-perl-5.834.0-1.1mdv2010.1.src.rpm
