Mandriva Linux Security Advisory : perl-CGI (MDVSA-2012:180)
Medium Nessus Plugin ID 63284
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered and corrected in perl-CGI :
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm (CVE-2012-5526).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected perl-CGI and / or perl-CGI-Fast packages.