Mandriva Linux Security Advisory : perl-Plack (MDVSA-2014:235)
Medium Nessus Plugin ID 79631
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated perl-Plack package fixes security vulnerability :
Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files (CVE-2014-5269).
SolutionUpdate the affected perl-Plack package.