Advisories ยป MGASA-2013-0352

Updated perl-HTTP-Body packages fix CVE-2013-4407

Publication date: 22 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4407

Description

Updated perl-HTTP-Body package fixes security vulnerability:

Jonathan Dolle reported a design error in HTTP::Body, a Perl module for
processing data from HTTP POST requests. The HTTP body multipart parser
creates temporary files which preserve the suffix of the uploaded file.
An attacker able to upload files to a service that uses
HTTP::Body::Multipart could potentially execute commands on the server
if these temporary filenames are used in subsequent commands without
further checks (CVE-2013-4407).
                

References

SRPMS

3/core

2/core