Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ MDVSA-2010:250 ] perl-CGI-Simple
From: security () mandriva com
Date: Thu, 09 Dec 2010 16:30:00 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:250
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : perl-CGI-Simple
 Date    : December 9, 2010
 Affected: Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in perl-CGI-Simple:
 
 The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm
 in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME
 boundary string in multipart/x-mixed-replace content, which allows
 remote attackers to inject arbitrary HTTP headers and conduct HTTP
 response splitting attacks via crafted input that contains this value,
 a different vulnerability than CVE-2010-3172 (CVE-2010-2761).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 b2e5ffba685cf732133e42fe1b82791d  corporate/4.0/i586/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm 
 e37ee0869e2fd9f4e875354edca20c6f  corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5231722e821a5478827e17293dd0836b  corporate/4.0/x86_64/perl-CGI-Simple-0.077-1.1.20060mlcs4.noarch.rpm 
 e37ee0869e2fd9f4e875354edca20c6f  corporate/4.0/SRPMS/perl-CGI-Simple-0.077-1.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 04f4b7381ba21a1ba14845a06b680fb1  mes5/i586/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm 
 15d6dc30e4dbf78a7371c1715386f552  mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bf81ab1b1798bb141b74c6f8e6d59630  mes5/x86_64/perl-CGI-Simple-1.1-4.1mdvmes5.1.noarch.rpm 
 15d6dc30e4dbf78a7371c1715386f552  mes5/SRPMS/perl-CGI-Simple-1.1-4.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNAMpimqjQ0CJFipgRAsKPAJ9gy8D5blvchEFe/KRmwMEFYtjWZQCgzSmG
3t2bZiJcPZFuhFYF28NTyJ0=
=Xkba
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ MDVSA-2010:250 ] perl-CGI-Simple security (Dec 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]