drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libcgi-pm-perl
Name: |
Ausführen beliebiger Kommandos in libcgi-pm-perl |
|
ID: |
DSA-2587-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian squeeze |
|
Datum: |
Di, 11. Dezember 2012, 23:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526 |
|
Applikationen: |
CGI.pm |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2587-1 security@debian.org http://www.debian.org/security/ December 11, 2012 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libcgi-pm-perl Vulnerability : HTTP header injection Problem type : remote Debian-specific: no CVE ID : CVE-2012-5526 Debian Bug : 693421
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.
For the stable distribution (squeeze), this problem has been fixed in version 3.49-1squeeze2.
For the unstable distribution (sid), this problem has been fixed in version 3.61-2.
We recommend that you upgrade your libcgi-pm-perl packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQx5tpAAoJEL97/wQC1SS+EAUH/1/Jy1JokeeIGjFlG5pRl1Mi 9Syt5ACvprey4tCJvJWMVgnkwZGwCytby6x+5w02nF0ZsNSl7b3aQ1J/9QhYZIqt CdNhCsb5Wxrnj4IPXci1RUTji004FyLQO+U5wCwKjM1HqOmiifiIh2YUhEb6GMAq JvJi2JWaXKBSBZ3osV8g/FInzVCshTrMCF/6jBrTrLU7W6jshK0qa4yyZ6a9SNxB kNxIxewULMolde8xf5F++91LmQZzSG/sWm+h86eLoeoXEuuefCtzCq0xRIBkbRFk p8n9IIqzmmsoeVB2Saa+5SP8kUWtZDUdK9OgKNSxO014ojs7wV0yCiviYRt4jVU= =7B7t -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/87ip88pbru.fsf@mid.deneb.enyo.de
|
|
|
|