perl-CGI: header injection

Package(s):

perl-CGI

CVE #(s):

CVE-2012-5526

Created:

November 28, 2012

Updated:

December 19, 2012

Description:

From the CVE entry:

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Alerts:

Scientific Linux	SL-perl-20130327	perl	2013-03-27
Oracle	ELSA-2013-0685	perl	2013-03-27
Oracle	ELSA-2013-0685	perl	2013-03-26
CentOS	CESA-2013:0685	perl	2013-03-26
CentOS	CESA-2013:0685	perl	2013-03-26
Red Hat	RHSA-2013:0685-01	perl	2013-03-26
openSUSE	openSUSE-SU-2013:0502-1	perl	2013-03-20
openSUSE	openSUSE-SU-2013:0497-1	perl	2013-03-20
SUSE	SUSE-SU-2013:0442-1	Perl	2013-03-13
SUSE	SUSE-SU-2013:0441-1	Perl	2013-03-13
Fedora	FEDORA-2012-19282	perl-CGI	2012-12-13
Fedora	FEDORA-2012-19282	perl	2012-12-13
Fedora	FEDORA-2012-18330	perl-CGI	2012-12-18
Fedora	FEDORA-2012-18330	perl	2012-12-18
Mandriva	MDVSA-2012:180	perl-CGI	2012-12-17
Debian	DSA-2587-1	libcgi-pm-perl	2012-12-11
Debian	DSA-2586-1	perl	2012-12-11
Ubuntu	USN-1643-1	perl	2012-11-29
Mageia	MGASA-2012-0346	perl-CGI	2012-11-29
Fedora	FEDORA-2012-18318	perl-CGI	2012-11-28