Fedora alert FEDORA-2026-8d1333fb52 (perl-libwww-perl)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: perl-libwww-perl-6.83-1.fc44 | |
| Date: | Sun, 31 May 2026 00:56:57 +0000 | |
| Message-ID: | <20260531005657.DE0AE776DC@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-8d1333fb52 2026-05-31 00:55:16.967014+00:00 -------------------------------------------------------------------------------- Name : perl-libwww-perl Product : Fedora 44 Version : 6.83 Release : 1.fc44 URL : https://metacpan.org/release/libwww-perl Summary : A Perl interface to the World-Wide Web Description : The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contain modules that are of more general use and even classes that help you implement simple HTTP servers. -------------------------------------------------------------------------------- Update Information: Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist. -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2026 Michal Josef Špaček <mspacek@redhat.com> - 6.83-1 - 6.83 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476481 - perl-libwww-perl-6.83 is available https://bugzilla.redhat.com/show_bug.cgi?id=2476481 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8d1333fb52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
Attachment: None (type=text/plain)
-- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new