ALAS-2015-629

Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-629
Advisory Released Date: 2015-12-14
Advisory Updated Date: 2015-12-14

Severity: Medium

References: CVE-2015-5667
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.

Affected Packages:

perl-HTML-Scrubber

Issue Correction:
Run yum update perl-HTML-Scrubber or yum update --advisory ALAS-2015-629 to update your system.

New Packages:

noarch:
    perl-HTML-Scrubber-0.15-1.5.amzn1.noarch

src:
    perl-HTML-Scrubber-0.15-1.5.amzn1.src

Additional References

Red Hat: CVE-2015-5667

Mitre: CVE-2015-5667