|
|
Log in / Subscribe / Register

SUSE alert openSUSE-SU-2026:20792-1 (perl-http-tiny)



From:
              null@suse.de


To:
              security-announce@lists.opensuse.org


Subject:
              openSUSE-SU-2026:20792-1: moderate: Security update for perl-HTTP-Tiny


Date:
              Mon, 25 May 2026 17:51:41 +0200


Message-ID:
              <20260525155141.200D8FD89@maintenance.suse.de>


Archive-link:
              Article


openSUSE security update: security update for perl-http-tiny
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20792-1
Rating: moderate
References:

  * bsc#1264992



Cross-References:

  * CVE-2026-7010



Affected Products:

         openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for perl-HTTP-Tiny fixes the following issues:

Changes in perl-HTTP-Tiny:

- updated to 0.094
  0.094
      - No changes from 0.093-TRIAL
  0.093
      - fix to prevent invalid characters in all headers, and prevent header
        smuggling (CVE-2026-7010) bsc#1264992

- updated to 0.092
  0.092
      - No changes from 0.091-TRIAL
  0.091
      [ADDED]
      - Added keep_alive_timeout to force keepalive connections to be closed
        based on a timeout.
      [CHANGED]
      - Optional tests are always required when releasing.
      - Always use TCP_NODELAY option.
      [FIXED]
      - Fixed test incorrectly testing cookie jar interactions multiple times.
      - Fixed perl version comparisons to work when not starting with 5.
      - Fixed link to LIMITATIONS in documentation.

- updated to 0.090
  0.090
      - No changes from 0.089-TRIAL
  0.089
      [CHANGED]
      - Find the certificate bundle via IO::Socket::SSL rather than implementing
        it in HTTP::Tiny.
      - When encoding form data, given a hashref with an arrayref value,
        preserve the order of the values in the arrayref rather than sorting.
      [DOCS]
      - Fixed internal link to "TLS/SSL SUPPORT" section


Patch instructions:

   To install this openSUSE security update use the suse recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

   zypper in -t patch openSUSE-Leap-16.0-packagehub-267=1

Package List:

- openSUSE Leap 16.0:

  perl-HTTP-Tiny-0.094-bp160.1.1

References:

  * https://www.suse.com/security/cve/CVE-2026-7010.html
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds