Updated perl-HTTP-Body packages fix security vulnerability
Publication date: 13 Apr 2024Modification date: 13 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2013-4407
Description
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed. (CVE-2013-4407)
References
SRPMS
9/core
- perl-HTTP-Body-1.230.0-1.mga9