drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in perl-CGI
Name: |
Ausführen beliebiger Kommandos in perl-CGI |
|
ID: |
FEDORA-2012-18330 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 16 |
|
Datum: |
Di, 18. Dezember 2012, 08:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526 |
|
Applikationen: |
CGI.pm |
|
Originalnachricht |
Name : perl-CGI Product : Fedora 16 Version : 3.52 Release : 203.fc16 URL : http://search.cpan.org/dist/CGI Summary : Handle Common Gateway Interface requests and responses Description : CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some HTML generation utilities are included as well.
CGI.pm performs very well in in a vanilla CGI.pm environment and also comes with built-in support for mod_perl and mod_perl2 as well as FastCGI.
------------------------------------------------------------------------------- - Update Information:
Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response headers properly) in CGI-3.52. ------------------------------------------------------------------------------- - ChangeLog:
* Mon Nov 26 2012 Petr Pisar <ppisar@redhat.com> - 3.52-203 - 3.52 bump - Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P response headers properly (bug #876974) * Fri Nov 16 2012 Petr Pisar <ppisar@redhat.com> - 3.51-6 - Improper new-line escaping in Set-Cookie and P3P headers is known as CVE-2012-5526 (bug #876974) * Thu Nov 15 2012 Petr Pisar <ppisar@redhat.com> - 3.51-5 - Escape new-lines in Set-Cookie and P3P response headers properly (bug #876974) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #877015 - CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers https://bugzilla.redhat.com/show_bug.cgi?id=877015 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update perl-CGI' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|