Advisories » MGASA-2024-0127

Updated perl-HTTP-Body packages fix security vulnerability

Publication date: 13 Apr 2024
Modification date: 13 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2013-4407

Description

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module
for Perl uses the part of the uploaded file's name after the first "."
character as the suffix of a temporary file, which makes it easier for
remote attackers to conduct attacks by leveraging subsequent behavior
that may assume the suffix is well-formed. (CVE-2013-4407)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33067
• https://www.openwall.com/lists/oss-security/2024/04/07/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4407

SRPMS

9/core

• perl-HTTP-Body-1.230.0-1.mga9