Mandriva Update For Perl-CGI MDVSA-2012:180 (perl-CGI) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in perl-CGI: CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm (CVE-2012-5526). The updated packages have been patched to correct this issue.

Affected

perl-CGI on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-5526

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:033 (sudo)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)

Mandriva Update for perl-CGI MDVSA-2012:180 (perl-CGI)

Take action and discover your vulnerabilities