openSUSE Security Update: perl-CGI-Simple: fix crlf injection (CVE-2010-4410, CVE-2010-4411) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0083-1 Rating: moderate References: #663396 Cross-References: CVE-2010-4410 CVE-2010-4411 Affected Products: openSUSE 11.3 openSUSE 11.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: The following vulnerabilities have been fixed in perl-CGI-Simple: CVE-2010-4410 - crlf injection CVE-2010-4411 - incomplete fix for crlf injection Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch perl-CGI-Simple-3872 - openSUSE 11.2: zypper in -t patch perl-CGI-Simple-3872 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64) [New Version: 1.113]: perl-CGI-Simple-1.113-0.3.1 - openSUSE 11.2 (i586 x86_64) [New Version: 1.113]: perl-CGI-Simple-1.113-0.3.1 References: http://support.novell.com/security/cve/CVE-2010-4410.html http://support.novell.com/security/cve/CVE-2010-4411.html https://bugzilla.novell.com/663396