Fedora 37: Security Advisory for perl-CPAN TLS Certificate Issue

The CPAN module automates or at least simplifies the make and install of

perl modules and extensions. It includes some primitive searching

capabilities and knows how to use LWP, HTTP::Tiny, Net::FTP and certain

external download clients to fetch distributions from the net.

Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS

certificates when downloading distributions over HTTPS. CPAN 2.35 - Add

verify_SSL=>1 to HTTP::Tiny to verify https server identity

* Mon May 15 2023 Jitka Plesnikova - 2.36-1

- 2.36 bump

* Tue May 2 2023 Jitka Plesnikova - 2.35-1

- 2.35 bump

[ 1 ] Bug #2218667 - CVE-2023-31484 perl: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS

https://bugzilla.redhat.com/show_bug.cgi?id=2218667

su -c 'dnf upgrade --advisory FEDORA-2023-1e5af38524' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: