A security flaw was found in the way CGI.pm, a Perl module to handle Common Gateway Interface requests and responses, performed sanitization of values to be used for Set-Cookie and P3P headers. If a Perl CGI.pm module based CGI application reused cookies values and accepted untrusted input from web browser(s), a remote attacker could use this flaw to in an unauthorized way alter member items of the cookie or add new items. References: [1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes [2] https://github.com/markstos/CGI.pm/pull/23 [3] https://bugzilla.redhat.com/show_bug.cgi?id=876974
This issue affects the versions of the perl-CGI package, as shipped with Fedora release of 16 and 17. Please schedule an update.
CVE Request: [4] http://www.openwall.com/lists/oss-security/2012/11/15/4
This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.
This was assigned CVE-2012-5526: http://www.openwall.com/lists/oss-security/2012/11/15/6
Created attachment 646250 [details] Upstream fix
Upstream commits: https://github.com/markstos/CGI.pm/commit/80f44433a43b51e5851218a08f6920adfb91991a https://github.com/markstos/CGI.pm/commit/7bb474c5b308cf93298f96923280aa82a4a195ec
perl-CGI-3.51-10.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
perl-CGI-3.51-7.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
perl-CGI-3.59-235.fc18, perl-5.16.2-235.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
perl-CGI-3.52-218.fc17, perl-5.14.3-218.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
perl-CGI-3.52-203.fc16, perl-5.14.3-203.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 704881 [details] Fix ported to perl-5.10.1
Created attachment 705046 [details] Fix ported to perl-5.8.8
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html