--------------------------------------------------------------------------
Debian Security Advisory DSA 371-1                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
August 11th, 2003                        Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : perl
Vulnerability  : cross-site scripting
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0615

A cross-site scripting vulnerability exists in the start_form()
function in CGI.pm.  This function outputs user-controlled data into
the action attribute of a form element without sanitizing it, allowing
a remote user to execute arbitrary web script within the context of
the generated page.  Any program which uses this function in the
CGI.pm module may be affected.
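
The flaw class described above, as an added illustration (a simplified model, not CGI.pm source and not part of the original advisory). It assumes the action value comes from the request URL; the function names and the sample path are hypothetical and constructed for the example.

```perl
#!/usr/bin/perl
# Added illustration: a simplified model of the flaw class, not CGI.pm source.
use strict;
use warnings;

# Constructed request path: the trailing part is user-influenced and carries
# a double quote and angle brackets (a harmless <b> marker).
my $request_url = '/cgi-bin/feedback.pl/"><b>injected</b>';

# HTML-escape the characters that can close an attribute value or open a tag.
sub escape_html {
    my ($text) = @_;
    my %entity = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Unsafe pattern: the value is interpolated into action="..." as-is.
sub form_tag_unescaped {
    my ($action) = @_;
    return qq{<form method="post" action="$action">};
}

# Corrected pattern: escape at the point of output, then interpolate.
sub form_tag_escaped {
    my ($action) = @_;
    return '<form method="post" action="' . escape_html($action) . '">';
}

# A well-formed start tag holds exactly one '<' and one '>', and its only
# double quotes are the four delimiting the two attributes.
sub is_single_tag {
    my ($html) = @_;
    my $lt = () = $html =~ /</g;
    my $gt = () = $html =~ />/g;
    my $dq = () = $html =~ /"/g;
    return $lt == 1 && $gt == 1 && $dq == 4;
}

for my $case ([ unescaped => form_tag_unescaped($request_url) ],
              [ escaped   => form_tag_escaped($request_url) ]) {
    my ($name, $html) = @$case;
    printf "%-9s %s\n          single tag: %s\n",
        $name, $html, is_single_tag($html) ? 'yes' : 'no';
}
```

The unescaped variant reports `no` because the quote in the path ends the attribute early and the rest is parsed as markup; the escaped variant keeps the whole value inside the attribute.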

For the current stable distribution (woody) this problem has been fixed
in version 5.6.1-8.3.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.0-19.

We recommend that you update your perl package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: perl CGI.pm XSS vulnerability

August 11, 2003
A cross-site scripting vulnerability exists in the start_form() function in CGI.pm.
