U radu programskog paketa perl-CGI, na operacijskim sustavima Fedora 13 i 14, uočena je i ispravljena sigurnosna ranjivost. Perl-CGI je Perl modul namijenjen implementaciji sučelja za razvoj CGI (eng. Common Gateway Interface) skripti. Ranjivost se javlja u funkciji "multipart_init" u datotekama "Simple.pm" i "CGI.pm". Udaljeni napadač to može iskoristiti za ubacivanje proizvoljnih HTTP zaglavlja koristeći MIME "boundary" atribut. Svim se korisnicima savjetuje primjena objavljenih nadogradnji.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0640
2011-01-21 22:13:50
--------------------------------------------------------------------------------
Name : perl-CGI
Product : Fedora 14
Version : 3.51
Release : 1.fc14
URL : http://search.cpan.org/dist/CGI
Summary : Handle Common Gateway Interface requests and responses
Description :
CGI.pm is a stable, complete and mature solution for processing and preparing
HTTP requests and responses. Major features including processing form
submissions, file uploads, reading and writing cookies, query string
generation
and manipulation, and processing and preparing HTTP headers. Some HTML
generation utilities are included as well.
CGI.pm performs very well in in a vanilla CGI.pm environment and also comes
with built-in support for mod_perl and mod_perl2 as well as FastCGI.
--------------------------------------------------------------------------------
Update Information:
Update to version 3.51, extending the fix for CVE-2010-2761.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #657950 - perl-5.12.2/CGI-3.50 security update
https://bugzilla.redhat.com/show_bug.cgi?id=657950
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-CGI' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0654
2011-01-21 22:14:29
--------------------------------------------------------------------------------
Name : perl-CGI
Product : Fedora 13
Version : 3.51
Release : 1.fc13
URL : http://search.cpan.org/dist/CGI
Summary : Handle Common Gateway Interface requests and responses
Description :
CGI.pm is a stable, complete and mature solution for processing and preparing
HTTP requests and responses. Major features including processing form
submissions, file uploads, reading and writing cookies, query string
generation
and manipulation, and processing and preparing HTTP headers. Some HTML
generation utilities are included as well.
CGI.pm performs very well in in a vanilla CGI.pm environment and also comes
with built-in support for mod_perl and mod_perl2 as well as FastCGI.
--------------------------------------------------------------------------------
Update Information:
Update to version 3.51, extending the fix for CVE-2010-2761.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #657950 - perl-5.12.2/CGI-3.50 security update
https://bugzilla.redhat.com/show_bug.cgi?id=657950
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-CGI' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke