Nom du paquet
mod_perl
Date
2009-12-08
Advisory ID
MDVSA-2009:091-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in mod_perl v1.x and v2.x:

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status
and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP
Server, when /perl-status is accessible, allows remote attackers to
inject arbitrary web script or HTML via the URI (CVE-2009-0796).

The updated packages have been patched to correct these issues.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 e1ba81012a9fe7d7ac6eedb9c7b48d7f  2008.0/i586/apache-mod_perl-2.0.3-7.1mdv2008.0.i586.rpm
 8fcbaa175b49bb9bbf0b3ea1ec87bfee  2008.0/i586/apache-mod_perl-devel-2.0.3-7.1mdv2008.0.i586.rpm 
 f3befe203cc83f75e13134687b006c8f  2008.0/SRPMS/apache-mod_perl-2.0.3-7.1mdv2008.0.src.rpm

2008.0 x86_64

 7813457a283230d651325b461a737019  2008.0/x86_64/apache-mod_perl-2.0.3-7.1mdv2008.0.x86_64.rpm
 a4a0a0493d6c5e26d5d4eb1d0e747465  2008.0/x86_64/apache-mod_perl-devel-2.0.3-7.1mdv2008.0.x86_64.rpm 
 f3befe203cc83f75e13134687b006c8f  2008.0/SRPMS/apache-mod_perl-2.0.3-7.1mdv2008.0.src.rpm

References