Mageia 6: MGASA-2018-0428 Moderate: perl-Dancer2 RCE and Session Issue
mageia
November 3, 2018
Dancer2 0.206000 addresses several potential security issues
Summary
Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing requests now uses HTTP::Entity::Parser which reduces the amount of code needed
References
- https://bugs.mageia.org/show_bug.cgi?id=23127
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IQXVVVJM54QO6NGMMJJH56545OVCFQA4/
Topics Covered
Resolution
SRPMS
- 6/core/perl-Dancer2-0.206.0-1.1.mga6
- 6/core/perl-Cookie-Baker-0.100.0-1.2.mga6
- 6/core/perl-HTTP-Entity-Parser-0.210.0-1.mga6
- 6/core/perl-HTTP-Headers-Fast-0.210.0-1.1.mga6
- 6/core/perl-HTTP-MultiPartParser-0.20.0-1.mga6
- 6/core/perl-HTTP-XSCookies-0.0.21-1.1.mga6
- 6/core/perl-JSON-MaybeXS-1.4.0-1.mga6
- 6/core/perl-Plack-1.4.700-1.1.mga6
- 6/core/perl-Type-Tiny-1.4.2-1.1.mga6
- 6/core/perl-WWW-Form-UrlEncoded-0.250.0-1.mga6
PREVIOUS
NEXT
Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0428.html
Type: security
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!