Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 43 perl-libwww-perl Critical Credential Leakage Fix CVE-2026-8368

fedora
Calendar Grey June 5, 2026
Dist Fedora Esm H88
Learn about critical updates in the perl-libwww-perl package for Fedora 43 to prevent credential leakage and enhance security.
Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to preve...

Summary

The libwww-perl collection is a set of Perl modules which provides a simple and

consistent application programming interface to the World-Wide Web. The main

focus of the library is to provide classes and functions that allow you to

write WWW clients. The library also contain modules that are of more general

use and even classes that help you implement simple HTTP servers.

Update Information:

Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.

Topics%20covered

Topics Covered

security advisory fedora critical http redirect credential leakage perl-libwww-perl

Change Log

* Tue May 19 2026 Michal Josef Špaček - 6.83-1 - 6.83 bump

References

Fedora Update Notification FEDORA-2026-3b48ba7dc7 2026-06-05 04:07:33.979902+00:00
Name : perl-libwww-perl Product : Fedora 43 Version : 6.83 Release : 1.fc43 URL : https://metacpan.org/release/libwww-perl Summary : A Perl interface to the World-Wide Web Description : The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contain modules that are of more general use and even classes that help you implement simple HTTP servers.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3b48ba7dc7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl-libwww-perl
Product: Fedora 43
Version: 6.83
Release: 1.fc43
URL: https://metacpan.org/release/libwww-perl
Summary: A Perl interface to the World-Wide Web

Topics%20covered

Topics Covered

security advisory fedora critical http redirect credential leakage perl-libwww-perl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here