Описание
ELSA-2011-0558: perl security and bug fix update (MODERATE)
[5.10.1-119]
- 692862 - lc launders tainted flag, CVE-2011-1487
- make SOURCE1 executable, because it missed +x in brew
- Resolves: rhbz#692862
[5.10.1-118]
- Correct perl-5.10.1-rt77352.patch
- Related: rhbz#640720
[5.10.1-117]
- 671352 CGI-3.51 security update
- Resolves: rhbz#671352
[5.10.1-116]
- require Digest::SHA 640716
- remove removal of NDBM 640729
- remove unsupported option fork from prove's documentation 609492
- Thread desctructor leaks 640720
- update threads to 1.82 (bugfixes releases) 626330
- remove unused patches from cvs
- Resolves: rhbz#640729, rhbz#640716, rhbz#609492, rhbz#640720, rhbz#626330
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
perl
5.10.1-119.el6
perl-Archive-Extract
0.38-119.el6
perl-Archive-Tar
1.58-119.el6
perl-CGI
3.51-119.el6
perl-CPAN
1.9402-119.el6
perl-CPANPLUS
0.88-119.el6
perl-Compress-Raw-Zlib
2.023-119.el6
perl-Compress-Zlib
2.020-119.el6
perl-Digest-SHA
5.47-119.el6
perl-ExtUtils-CBuilder
0.27-119.el6
perl-ExtUtils-Embed
1.28-119.el6
perl-ExtUtils-MakeMaker
6.55-119.el6
perl-ExtUtils-ParseXS
2.2003.0-119.el6
perl-File-Fetch
0.26-119.el6
perl-IO-Compress-Base
2.020-119.el6
perl-IO-Compress-Zlib
2.020-119.el6
perl-IO-Zlib
1.09-119.el6
perl-IPC-Cmd
0.56-119.el6
perl-Locale-Maketext-Simple
0.18-119.el6
perl-Log-Message
0.02-119.el6
perl-Log-Message-Simple
0.04-119.el6
perl-Module-Build
0.3500-119.el6
perl-Module-CoreList
2.18-119.el6
perl-Module-Load
0.16-119.el6
perl-Module-Load-Conditional
0.30-119.el6
perl-Module-Loaded
0.02-119.el6
perl-Module-Pluggable
3.90-119.el6
perl-Object-Accessor
0.34-119.el6
perl-Package-Constants
0.02-119.el6
perl-Params-Check
0.26-119.el6
perl-Parse-CPAN-Meta
1.40-119.el6
perl-Pod-Escapes
1.04-119.el6
perl-Pod-Simple
3.13-119.el6
perl-Term-UI
0.20-119.el6
perl-Test-Harness
3.17-119.el6
perl-Test-Simple
0.92-119.el6
perl-Time-HiRes
1.9721-119.el6
perl-Time-Piece
1.15-119.el6
perl-core
5.10.1-119.el6
perl-devel
5.10.1-119.el6
perl-libs
5.10.1-119.el6
perl-parent
0.221-119.el6
perl-suidperl
5.10.1-119.el6
perl-version
0.77-119.el6
Oracle Linux i686
perl
5.10.1-119.el6
perl-Archive-Extract
0.38-119.el6
perl-Archive-Tar
1.58-119.el6
perl-CGI
3.51-119.el6
perl-CPAN
1.9402-119.el6
perl-CPANPLUS
0.88-119.el6
perl-Compress-Raw-Zlib
2.023-119.el6
perl-Compress-Zlib
2.020-119.el6
perl-Digest-SHA
5.47-119.el6
perl-ExtUtils-CBuilder
0.27-119.el6
perl-ExtUtils-Embed
1.28-119.el6
perl-ExtUtils-MakeMaker
6.55-119.el6
perl-ExtUtils-ParseXS
2.2003.0-119.el6
perl-File-Fetch
0.26-119.el6
perl-IO-Compress-Base
2.020-119.el6
perl-IO-Compress-Zlib
2.020-119.el6
perl-IO-Zlib
1.09-119.el6
perl-IPC-Cmd
0.56-119.el6
perl-Locale-Maketext-Simple
0.18-119.el6
perl-Log-Message
0.02-119.el6
perl-Log-Message-Simple
0.04-119.el6
perl-Module-Build
0.3500-119.el6
perl-Module-CoreList
2.18-119.el6
perl-Module-Load
0.16-119.el6
perl-Module-Load-Conditional
0.30-119.el6
perl-Module-Loaded
0.02-119.el6
perl-Module-Pluggable
3.90-119.el6
perl-Object-Accessor
0.34-119.el6
perl-Package-Constants
0.02-119.el6
perl-Params-Check
0.26-119.el6
perl-Parse-CPAN-Meta
1.40-119.el6
perl-Pod-Escapes
1.04-119.el6
perl-Pod-Simple
3.13-119.el6
perl-Term-UI
0.20-119.el6
perl-Test-Harness
3.17-119.el6
perl-Test-Simple
0.92-119.el6
perl-Time-HiRes
1.9721-119.el6
perl-Time-Piece
1.15-119.el6
perl-core
5.10.1-119.el6
perl-devel
5.10.1-119.el6
perl-libs
5.10.1-119.el6
perl-parent
0.221-119.el6
perl-suidperl
5.10.1-119.el6
perl-version
0.77-119.el6
Связанные CVE
Связанные уязвимости
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.p ...