Bug 877015 (CVE-2012-5526) - CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
Summary: CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Se...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-5526
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 876974 Engineering915690 Engineering915691 Engineering915692 Engineering915693
Blocks: Embargoed877037
TreeView+ depends on / blocked
 
Reported: 2012-11-15 14:37 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:57 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-26 20:01:37 UTC

Attachments (Terms of Use)
Upstream fix (2.80 KB, patch)
2012-11-16 08:56 UTC, Petr Pisar 		no flags Details | Diff
Fix ported to perl-5.10.1 (3.22 KB, patch)
2013-03-04 11:25 UTC, Petr Pisar 		no flags Details | Diff
Fix ported to perl-5.8.8 (2.41 KB, patch)
2013-03-04 15:44 UTC, Petr Pisar 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0685 0 normal SHIPPED_LIVE Moderate: perl security update 2013-03-26 23:26:59 UTC

Description Jan Lieskovsky 2012-11-15 14:37:53 UTC 
A security flaw was found in the way CGI.pm, a Perl module to handle Common Gateway Interface requests and responses, performed sanitization of values to be used for Set-Cookie and P3P headers. If a Perl CGI.pm module based CGI application reused cookies values and accepted untrusted input from web browser(s), a remote attacker could use this flaw to in an unauthorized way alter member items of the cookie or add new items.

References:
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876974
Comment 1 Jan Lieskovsky 2012-11-15 14:41:33 UTC 
This issue affects the versions of the perl-CGI package, as shipped with Fedora release of 16 and 17. Please schedule an update.
Comment 2 Jan Lieskovsky 2012-11-15 14:49:09 UTC 
CVE Request:
[4] http://www.openwall.com/lists/oss-security/2012/11/15/4
Comment 3 Jan Lieskovsky 2012-11-15 15:07:46 UTC 
This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 4 Vincent Danen 2012-11-15 21:47:02 UTC 
This was assigned CVE-2012-5526:

http://www.openwall.com/lists/oss-security/2012/11/15/6
Comment 5 Petr Pisar 2012-11-16 08:56:43 UTC 
Created attachment 646250 [details]
Upstream fix
Comment 6 Tomas Hoger 2012-11-16 09:25:24 UTC 
Upstream commits:

https://github.com/markstos/CGI.pm/commit/80f44433a43b51e5851218a08f6920adfb91991a
https://github.com/markstos/CGI.pm/commit/7bb474c5b308cf93298f96923280aa82a4a195ec
Comment 9 Fedora Update System 2012-11-23 07:54:17 UTC 
perl-CGI-3.51-10.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2012-11-28 11:36:19 UTC 
perl-CGI-3.51-7.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2012-12-12 00:28:17 UTC 
perl-CGI-3.59-235.fc18, perl-5.16.2-235.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2012-12-13 05:54:57 UTC 
perl-CGI-3.52-218.fc17, perl-5.14.3-218.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2012-12-18 02:24:45 UTC 
perl-CGI-3.52-203.fc16, perl-5.14.3-203.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Petr Pisar 2013-03-04 11:25:13 UTC 
Created attachment 704881 [details]
Fix ported to perl-5.10.1
Comment 16 Petr Pisar 2013-03-04 15:44:54 UTC 
Created attachment 705046 [details]
Fix ported to perl-5.8.8
Comment 17 errata-xmlrpc 2013-03-26 19:27:38 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html
Note You need to log in before you can comment on or make changes to this bug.