Fedora: perl-Net-OAuth Update Fixes Critical Session Fixation Issue
fedora
October 15, 2009
A session fixation vulnerability was discovered in OAuth protocol 1.0
Summary
Perl implementation of OAuth, an open protocol to allow secure API
authentication in a simple and standard method from desktop and web
applications. In practical terms, a mechanism for a Consumer to request
protected resources from a Service Provider on behalf of a user.
Update Information:
A session fixation vulnerability was discovered in OAuth protocol 1.0. Perl OAuth bindings were updated to support the new version of the OAauth protocol that was issued to address the vulnerability. All OAuth users are strongly advised to update to this updated package and protocol version 1.0a which fixes the vulnerability. Upstream advisory: https://oauth.net/advisories/2009-1/
Topics Covered
Change Log
* Tue Oct 13 2009 Lubomir Rintel (Good Data)
References
[ 1 ] Bug #528608 - current perl-Net-OAuth does not support OAuth 1.0a
https://bugzilla.redhat.com/show_bug.cgi?id=528608
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update perl-Net-OAuth' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: perl-Net-OAuth
Product: Fedora 11
Version: 0.19
Release: 1.fc11
Summary: OAuth protocol support library for Perl
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!