Mandriva Advisories

Package name: perl-CGI
Date: August 20th, 2003
Advisory ID: MDKSA-2003:084
Affected versions: 8.2, 9.0, 9.1, MNF8.2, CS2.1
Synopsis: Updated perl-CGI packages fix cross-site scripting vulnerabilities

Problem Description

Eye on Security found a cross-site scripting vulnerability in the
start_form() function in CGI.pm. A remote attacker can place a web
script in a URL that feeds into a form's action parameter; the
browser then executes the script as if it came from the site.
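
The class of bug described above, shown as an added example that is not CGI.pm's code or part of the original advisory. The helper names, the sample URL, and the assumption that the action defaults to the request URL are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the characters that can break out of an HTML attribute value.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;    # must run first so later entities are not re-escaped
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Hypothetical helper (not CGI.pm's implementation): the form action is
# taken from the request URL and written into the attribute unescaped.
sub start_form_unsafe {
    my ($request_url) = @_;
    return qq{<form method="post" action="$request_url">};
}

# Same helper with the URL escaped for the attribute context.
sub start_form_safe {
    my ($request_url) = @_;
    return '<form method="post" action="' . escape_html($request_url) . '">';
}

# Constructed sample input: extra path data that closes the attribute
# and the tag, then opens a script element.
my $url = '/cgi-bin/form.cgi/"><script>alert(1)</script>';

print "unsafe: ", start_form_unsafe($url), "\n";
print "safe:   ", start_form_safe($url), "\n";

# The unescaped form lets the input add markup; the escaped form keeps
# the whole URL inside the attribute, so only the <form> tag remains.
my $unsafe    = start_form_unsafe($url);
my $safe      = start_form_safe($url);
my $safe_tags = () = $safe =~ /</g;
die "expected injected markup in unsafe output\n" unless $unsafe =~ /<script>/;
die "escaping failed\n" unless $safe_tags == 1 && $safe !~ /<script/i;
```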

Updated Packages

Mandrakelinux 8.2

 287cfec9115ac5395cef982b054d6e0f  8.2/RPMS/perl-CGI-3.00-0.1mdk.noarch.rpm
f30e0a5c1424e2ba6015991bbf4a8760  8.2/SRPMS/perl-CGI-3.00-0.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 0099608448f3ad7074daae3ccb48f4fe  ppc/8.2/RPMS/perl-CGI-3.00-0.1mdk.noarch.rpm
f30e0a5c1424e2ba6015991bbf4a8760  ppc/8.2/SRPMS/perl-CGI-3.00-0.1mdk.src.rpm

Mandrakelinux 9.0

 ba7ff50de983c694a0de5a18686defb0  9.0/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  9.0/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

Mandrakelinux 9.1

 edbef67588070e8b64cc067bc38df59f  9.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  9.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

Mandrakelinux 9.1/PPC

 ac48b149899c0ec2dfe3b7eade985253  ppc/9.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  ppc/9.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

Multi Network Firewall 8.2

 287cfec9115ac5395cef982b054d6e0f  mnf8.2/RPMS/perl-CGI-3.00-0.1mdk.noarch.rpm
f30e0a5c1424e2ba6015991bbf4a8760  mnf8.2/SRPMS/perl-CGI-3.00-0.1mdk.src.rpm

Corporate Server 2.1

 ba7ff50de983c694a0de5a18686defb0  corporate/2.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  corporate/2.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

Corporate Server 2.1/X86_64

 ae71f34a21a149948e1f28263cb38a09  x86_64/corporate/2.1/RPMS/perl-CGI-3.00-0.2mdk.noarch.rpm
d33e5b70ccb06a6634eb784b987c3709  x86_64/corporate/2.1/SRPMS/perl-CGI-3.00-0.2mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615
http://eyeonsecurity.org/advisories/CGI.pm/adv.html

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.