Alerts This Week
Warning Icon 1 933
Alerts This Week
Warning Icon 1 933

Fedora 43 perl-Apache-Session-Browseable Critical Session Security Flaw

fedora
Calendar Grey May 23, 2026
Dist Fedora Esm H88
This advisory addresses improvements for secure session IDs in Fedora 43's perl-Apache-Session-Browseable. Learn more.
This update has improvements to generate more secure session IDs (CVE-2026-8503).

Summary

A virtual Apache::Session back-end providing some class methods to manipulate

all sessions and add the capability to index some fields to make re-search

faster.

Update Information:

This update has improvements to generate more secure session IDs (CVE-2026-8503).

Topics%20covered

Topics Covered

security advisory fedora critical software update session management session identifiers

Change Log

* Thu May 14 2026 Paul Howarth - 1.3.19-1 - Update to 1.3.19 (rhbz#2477392) - Apache::Session::Generate::SHA256 used a low-entropy seed (time, PID, rand, stringified hash ref) to derive session identifiers; use Crypt::URandom to generate session ids from a cryptographically secure source, falling back to the previous hashing method only if Crypt::URandom is unavailable (CVE-2026-8503, similar in scope to CVE-2025-40931 and CVE-2025-40932) - Fix Redis indexes: never cleaned before - Improve resilience and reliability of Patroni driver * Thu Apr 9 2026 Xavier Bachelot - 1.3.18-4 - BR: perl(DBD::Cassandra) to improve test coverage * Fri Jan 16 2026 Fedora Release Engineering - 1.3.18-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2477392 - perl-Apache-Session-Browseable-1.3.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=2477392 [ 2 ] Bug #2477847 - CVE-2026-8503 perl-Apache-Session-Browseable: perl-Apache-Session-Browseable: Predictable session IDs allow unauthorized system access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477847

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e8ef64b8d3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl-Apache-Session-Browseable
Product: Fedora 43
Version: 1.3.19
Release: 1.fc43
URL: https://metacpan.org/release/Apache-Session-Browseable
Summary: Add index and search methods to Apache::Session

Topics%20covered

Topics Covered

security advisory fedora critical software update session management session identifiers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here