Bug 877015 - (CVE-2012-5526) CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Se...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20121112,repor...
: Security
Depends On: 876974 915690 915691 915692 915693
Blocks: 877037
  Show dependency treegraph
 
Reported: 2012-11-15 09:37 EST by Jan Lieskovsky
Modified: 2013-03-26 16:01 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-26 16:01:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream fix (2.80 KB, patch)
2012-11-16 03:56 EST, Petr Pisar
no flags Details | Diff
Fix ported to perl-5.10.1 (3.22 KB, patch)
2013-03-04 06:25 EST, Petr Pisar
no flags Details | Diff
Fix ported to perl-5.8.8 (2.41 KB, patch)
2013-03-04 10:44 EST, Petr Pisar
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2012-11-15 09:37:53 EST
A security flaw was found in the way CGI.pm, a Perl module to handle Common Gateway Interface requests and responses, performed sanitization of values to be used for Set-Cookie and P3P headers. If a Perl CGI.pm module based CGI application reused cookies values and accepted untrusted input from web browser(s), a remote attacker could use this flaw to in an unauthorized way alter member items of the cookie or add new items.

References:
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876974
Comment 1 Jan Lieskovsky 2012-11-15 09:41:33 EST
This issue affects the versions of the perl-CGI package, as shipped with Fedora release of 16 and 17. Please schedule an update.
Comment 2 Jan Lieskovsky 2012-11-15 09:49:09 EST
CVE Request:
[4] http://www.openwall.com/lists/oss-security/2012/11/15/4
Comment 3 Jan Lieskovsky 2012-11-15 10:07:46 EST
This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 4 Vincent Danen 2012-11-15 16:47:02 EST
This was assigned CVE-2012-5526:

http://www.openwall.com/lists/oss-security/2012/11/15/6
Comment 5 Petr Pisar 2012-11-16 03:56:43 EST
Created attachment 646250 [details]
Upstream fix
Comment 9 Fedora Update System 2012-11-23 02:54:17 EST
perl-CGI-3.51-10.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2012-11-28 06:36:19 EST
perl-CGI-3.51-7.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2012-12-11 19:28:17 EST
perl-CGI-3.59-235.fc18, perl-5.16.2-235.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2012-12-13 00:54:57 EST
perl-CGI-3.52-218.fc17, perl-5.14.3-218.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2012-12-17 21:24:45 EST
perl-CGI-3.52-203.fc16, perl-5.14.3-203.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Petr Pisar 2013-03-04 06:25:13 EST
Created attachment 704881 [details]
Fix ported to perl-5.10.1
Comment 16 Petr Pisar 2013-03-04 10:44:54 EST
Created attachment 705046 [details]
Fix ported to perl-5.8.8
Comment 17 errata-xmlrpc 2013-03-26 15:27:38 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html

Note You need to log in before you can comment on or make changes to this bug.