Nom du paquet
perl-HTTP-Body
Date
2013-11-25
Advisory ID
MDVSA-2013:282
Affected versions
MBS1 x86_64

Problem description

Updated perl-HTTP-Body package fixes security vulnerability:

Jonathan Dolle reported a design error in HTTP::Body, a Perl module
for processing data from HTTP POST requests. The HTTP body multipart
parser creates temporary files which preserve the suffix of the
uploaded file. An attacker able to upload files to a service that
uses HTTP::Body::Multipart could potentially execute commands on the
server if these temporary filenames are used in subsequent commands
without further checks (CVE-2013-4407).

Updated packages

MBS1 x86_64

 937c5f147525ee62b2001e67a302ad53  mbs1/x86_64/perl-HTTP-Body-1.150.0-2.1.mbs1.noarch.rpm 
 57d5d2097c71c85059fca544e89f5ff3  mbs1/SRPMS/perl-HTTP-Body-1.150.0-2.1.mbs1.src.rpm

References