Mageia Advisory: MGASA-2014-0098 - Updated perl-CGI-Application packages fix CVE-2013-7329

Updated perl-CGI-Application packages fix CVE-2013-7329

Publication date: 25 Feb 2014
Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7329

Description

Updated perl-CGI-Application package fixes security vulnerability:

When applications using CGI::Application overload setup(), which is normally
the case, CGI::Application since version 4.19 has dump_html as a default
run-mode unless the application explicitly redefines it. This unexpectedly
dumps a complete set of web query data and server environment information as
an error page, thus leaking information (CVE-2013-7329).

References

http://openwall.com/lists/oss-security/2014/02/20/1
https://bugzilla.redhat.com/show_bug.cgi?id=1067180
https://bugs.mageia.org/show_bug.cgi?id=12827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7329

SRPMS

4/core

perl-CGI-Application-4.500.0-3.1.mga4

3/core

perl-CGI-Application-4.500.0-2.1.mga3

Advisories » MGASA-2014-0098

Updated perl-CGI-Application packages fix CVE-2013-7329

Description

References

SRPMS

4/core

3/core