Nom du paquet
perl-CGI-Simple
Date
2010-12-14
Advisory ID
MDVSA-2010:252
Affected versions
CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64

Problem description

A vulnerability was discovered and corrected in perl-CGI-Simple:

CRLF injection vulnerability in the header function in (1) CGI.pm
before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via vectors related to non-whitespace
characters preceded by newline characters, a different vulnerability
than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410).

The updated packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 28c8101be550456f2406b9d1ccb81284  corporate/4.0/x86_64/perl-CGI-Simple-0.077-1.2.20060mlcs4.noarch.rpm 
 4cf16af44ac7aeaee3e950f8029ae1ef  corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.2.20060mlcs4.src.rpm

MES5 i586

 9f8ac88c6490d5e3c37abb221b88deb0  mes5/i586/perl-CGI-Simple-1.1-4.2mdvmes5.1.noarch.rpm 
 d64f4d1322a327ac2f5a9bdde280525a  mes5/SRPMS/perl-CGI-Simple-1.1-4.2mdvmes5.1.src.rpm

CS4.0 i586

 575a970c9dc85982b88b3610f881aeea  corporate/4.0/i586/perl-CGI-Simple-0.077-1.2.20060mlcs4.noarch.rpm 
 4cf16af44ac7aeaee3e950f8029ae1ef  corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.2.20060mlcs4.src.rpm

MES5 x86_64

 1c1dcd1d837926671b4a79a9e9147c2c  mes5/x86_64/perl-CGI-Simple-1.1-4.2mdvmes5.1.noarch.rpm 
 d64f4d1322a327ac2f5a9bdde280525a  mes5/SRPMS/perl-CGI-Simple-1.1-4.2mdvmes5.1.src.rpm

References