-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-49
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 27 Aug 2003
Last revised : 27 Aug 2003
Package : perl
Summary : Cross-site scripting vulnerability
More information :
Perl is a high-level programming language with roots in C, sed, awk and shell scripting.
A cross-site scripting vulnerability exists in the start_form() function from CGI.pm
Impact :
This vulnerability may allow an attacker to execute arbitrary web script
within the context of the generated page.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
perl-5.6.1-10.src.rpm
5978264 161122e722aa4b12f493a280f5ffae5b
Binary Packages
Size : MD5
perl-5.6.1-10.i586.rpm
6136602 dad9a80f98ea3e6b9863064b308dd6e0
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
perl-5.6.1-10.src.rpm
5978264 12062a758554d2f15f11c9ae00fec8f0
Binary Packages
Size : MD5
perl-5.6.1-10.i586.rpm
6138917 8c3f2f1aa9aa7db37ea3ee26614473b9
<Turbolinux 7 Server>
Source Packages
Size : MD5
perl-5.6.1-10.src.rpm
5978264 9a79eb0b0f9c3ae0aa5c36d8669fc14d
Binary Packages
Size : MD5
perl-5.6.1-10.i586.rpm
6144484 51f6034c17d857ae205133c4f8a4dc24
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
perl-5.6.1-10.src.rpm
5978264 78604c309ecf01cb534c4bc8e7a0a618
Binary Packages
Size : MD5
perl-5.6.1-10.i586.rpm
6143560 32de01ffd3b43e0d0310560c5a62ed58
<Turbolinux Server 6.5>
Source Packages
Size : MD5
perl-5.00503-9.src.rpm
3691300 1c948e0b20cc3b5275f67e78026a2cc2
Binary Packages
Size : MD5
perl-5.00503-9.i386.rpm
5001209 06cce83129d2e0726df16ad8ab1cad58
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
perl-5.00503-9.src.rpm
3691300 534ac5e7390a1a1e65d0460cc4e1b433
Binary Packages
Size : MD5
perl-5.00503-9.i386.rpm
5001282 80e8a1034dcf7571ffc3dc765659db64
<Turbolinux Server 6.1>
Source Packages
Size : MD5
perl-5.00503-9.src.rpm
3691300 a48e668417213d17b8e2505261de124a
Binary Packages
Size : MD5
perl-5.00503-9.i386.rpm
5002105 ada00e70a55c05e04368bd0456ebf93b
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
perl-5.00503-9.src.rpm
3691300 e59332920321d362c5409499ba863140
Binary Packages
Size : MD5
perl-5.00503-9.i386.rpm
3817193 ee9799db6e988aa888b5912402a88989
References :
CVE
[
CAN-2003-0615]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2003-0615
--------------------------------------------------------------------------
Revision History
27 Aug 2003 Initial release
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/TEtBK0LzjOqIJMwRAgw5AJ9Vgx7bBomP5s6jOS+QaO+0W0XqRACguhoK
9tglR1QeqKCL8YoKq9ymqfs=
=Fr2F
-----END PGP SIGNATURE-----