This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 877015 (CVE-2012-5526)

Summary: CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mmaslano, perl-devel
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20121112,reported=20121115,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,rhel-5/perl=affected,rhel-6/perl=affected,fedora-all/perl-CGI=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-26 16:01:37 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 876974, 915690, 915691, 915692, 915693    
Bug Blocks: 877037    
Attachments:
Description Flags
Upstream fix
none
Fix ported to perl-5.10.1
none
Fix ported to perl-5.8.8 none

Description Jan Lieskovsky 2012-11-15 09:37:53 EST
A security flaw was found in the way CGI.pm, a Perl module to handle Common Gateway Interface requests and responses, performed sanitization of values to be used for Set-Cookie and P3P headers. If a Perl CGI.pm module based CGI application reused cookies values and accepted untrusted input from web browser(s), a remote attacker could use this flaw to in an unauthorized way alter member items of the cookie or add new items.

References:
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876974
Comment 1 Jan Lieskovsky 2012-11-15 09:41:33 EST
This issue affects the versions of the perl-CGI package, as shipped with Fedora release of 16 and 17. Please schedule an update.
Comment 2 Jan Lieskovsky 2012-11-15 09:49:09 EST
CVE Request:
[4] http://www.openwall.com/lists/oss-security/2012/11/15/4
Comment 3 Jan Lieskovsky 2012-11-15 10:07:46 EST
This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 4 Vincent Danen 2012-11-15 16:47:02 EST
This was assigned CVE-2012-5526:

http://www.openwall.com/lists/oss-security/2012/11/15/6
Comment 5 Petr Pisar 2012-11-16 03:56:43 EST
Created attachment 646250 [details]
Upstream fix
Comment 9 Fedora Update System 2012-11-23 02:54:17 EST
perl-CGI-3.51-10.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2012-11-28 06:36:19 EST
perl-CGI-3.51-7.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2012-12-11 19:28:17 EST
perl-CGI-3.59-235.fc18, perl-5.16.2-235.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2012-12-13 00:54:57 EST
perl-CGI-3.52-218.fc17, perl-5.14.3-218.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2012-12-17 21:24:45 EST
perl-CGI-3.52-203.fc16, perl-5.14.3-203.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Petr Pisar 2013-03-04 06:25:13 EST
Created attachment 704881 [details]
Fix ported to perl-5.10.1
Comment 16 Petr Pisar 2013-03-04 10:44:54 EST
Created attachment 705046 [details]
Fix ported to perl-5.8.8
Comment 17 errata-xmlrpc 2013-03-26 15:27:38 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html