perl-32bit-5.24.0-3.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10449 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z perl-32bit-5.24.0-3.5 on GA media These are all security issues fixed in the perl-32bit-5.24.0-3.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10449 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10449 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-2761/ SUSE CVE CVE-2010-2761 page https://www.suse.com/security/cve/CVE-2010-4410/ SUSE CVE CVE-2010-4410 page https://www.suse.com/security/cve/CVE-2010-4411/ SUSE CVE CVE-2010-4411 page https://www.suse.com/security/cve/CVE-2010-4777/ SUSE CVE CVE-2010-4777 page openSUSE Tumbleweed perl-5.24.0-3.5 perl-32bit-5.24.0-3.5 perl-base-5.24.0-3.5 perl-base-32bit-5.24.0-3.5 perl-doc-5.24.0-3.5 perl-5.24.0-3.5 as a component of openSUSE Tumbleweed perl-32bit-5.24.0-3.5 as a component of openSUSE Tumbleweed perl-base-5.24.0-3.5 as a component of openSUSE Tumbleweed perl-base-32bit-5.24.0-3.5 as a component of openSUSE Tumbleweed perl-doc-5.24.0-3.5 as a component of openSUSE Tumbleweed The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. CVE-2010-2761 openSUSE Tumbleweed:perl-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-5.24.0-3.5 openSUSE Tumbleweed:perl-base-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-base-5.24.0-3.5 openSUSE Tumbleweed:perl-doc-5.24.0-3.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2761.html CVE-2010-2761 https://bugzilla.suse.com/657343 SUSE Bug 657343 https://bugzilla.suse.com/657731 SUSE Bug 657731 https://bugzilla.suse.com/663396 SUSE Bug 663396 https://bugzilla.suse.com/669245 SUSE Bug 669245 https://bugzilla.suse.com/670476 SUSE Bug 670476 CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. CVE-2010-4410 openSUSE Tumbleweed:perl-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-5.24.0-3.5 openSUSE Tumbleweed:perl-base-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-base-5.24.0-3.5 openSUSE Tumbleweed:perl-doc-5.24.0-3.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4410.html CVE-2010-4410 https://bugzilla.suse.com/657343 SUSE Bug 657343 https://bugzilla.suse.com/660127 SUSE Bug 660127 https://bugzilla.suse.com/663396 SUSE Bug 663396 https://bugzilla.suse.com/670476 SUSE Bug 670476 Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. CVE-2010-4411 openSUSE Tumbleweed:perl-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-5.24.0-3.5 openSUSE Tumbleweed:perl-base-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-base-5.24.0-3.5 openSUSE Tumbleweed:perl-doc-5.24.0-3.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4411.html CVE-2010-4411 https://bugzilla.suse.com/657343 SUSE Bug 657343 https://bugzilla.suse.com/657731 SUSE Bug 657731 https://bugzilla.suse.com/663396 SUSE Bug 663396 https://bugzilla.suse.com/669245 SUSE Bug 669245 https://bugzilla.suse.com/670476 SUSE Bug 670476 The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. CVE-2010-4777 openSUSE Tumbleweed:perl-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-5.24.0-3.5 openSUSE Tumbleweed:perl-base-32bit-5.24.0-3.5 openSUSE Tumbleweed:perl-base-5.24.0-3.5 openSUSE Tumbleweed:perl-doc-5.24.0-3.5 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4777.html CVE-2010-4777