Fedora alert FEDORA-2026-26666575ae (perl-Catalyst-Plugin-Authentication)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: perl-Catalyst-Plugin-Authentication-0.10026-1.fc44 | |
| Date: | Tue, 02 Jun 2026 00:54:55 +0000 | |
| Message-ID: | <20260602005455.0A4A279637@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-26666575ae 2026-06-02 00:53:32.834847+00:00 -------------------------------------------------------------------------------- Name : perl-Catalyst-Plugin-Authentication Product : Fedora 44 Version : 0.10026 Release : 1.fc44 URL : https://metacpan.org/release/Catalyst-Plugin-Authentication Summary : Infrastructure plugin for the Catalyst authentication framework Description : The authentication plugin provides generic user support for Catalyst apps. It is the basis for both authentication (checking the user is who they claim to be), and authorization (allowing the user to do what the system authorizes them to do). -------------------------------------------------------------------------------- Update Information: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password. Version 0.10026 of the module fixes this issue. -------------------------------------------------------------------------------- ChangeLog: * Sun May 24 2026 Emmanuel Seyman <emmanuel@seyman.fr> - 0.10026-1 - Update to 0.10026 (fixes CVE-2026-5091) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483712 - CVE-2026-5091 perl-Catalyst-Plugin-Authentication: Catalyst::Plugin::Authentication: Information disclosure via timing attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2483712 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-26666575ae' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new