MDVSA-2010:250
- Nom du paquet
- perl-CGI-Simple
- Date
- 2010-12-09
- Advisory ID
- MDVSA-2010:250
- Affected versions
- CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64
Problem description
A vulnerability was discovered and corrected in perl-CGI-Simple:
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm
in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME
boundary string in multipart/x-mixed-replace content, which allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via crafted input that contains this value,
a different vulnerability than CVE-2010-3172 (CVE-2010-2761).
The updated packages have been patched to correct this issue.
Updated packages
CS4.0 x86_64
5231722e821a5478827e17293dd0836b corporate/4.0/x86_64/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm e37ee0869e2fd9f4e875354edca20c6f corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm
MES5 i586
04f4b7381ba21a1ba14845a06b680fb1 mes5/i586/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm 15d6dc30e4dbf78a7371c1715386f552 mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm
CS4.0 i586
b2e5ffba685cf732133e42fe1b82791d corporate/4.0/i586/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm e37ee0869e2fd9f4e875354edca20c6f corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm
MES5 x86_64
bf81ab1b1798bb141b74c6f8e6d59630 mes5/x86_64/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm 15d6dc30e4dbf78a7371c1715386f552 mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm