
Fedora 42: Important Fix for perl-Catalyst-Plugin-Session Random ID

fedora
September 16, 2025
Correction for CVE-2025-40924 in Fedora 42, bolstering security through the creation of unpredictable session identifiers.
This update upgrades the package to version 0.44.

Summary

This plugin is the base of two related parts of functionality required for session management in web applications.

The first part, the State, is getting the browser to repeat back a session key, so that the web application can identify the client and logically string several requests together into a session.

The second part, the Store, deals with the actual storage of information about the client. This data is stored so that it may be revived for every request made by the same client.

This plugin links the two pieces together.

Update Information:

This update upgrades the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs.

Change Log

* Sun Aug 31 2025 Emmanuel Seyman - 0.44-1 - Update to 0.44

References


[1] Bug #2381744 - CVE-2025-40924 perl-Catalyst-Plugin-Session: Catalyst::Plugin::Session generates session ids insecurely [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2381744

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-90d5989bee' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: perl-Catalyst-Plugin-Session
Product: Fedora 42
Version: 0.44
Release: 1.fc42
Summary: Catalyst generic session plugin
