Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Fedora 44 perl-libwww-perl Critical Credentials Leak Fix CVE-2026-8368

fedora
Calendar Grey May 31, 2026
Dist Fedora Esm H88
Update for Fedora 44 on perl-libwww-perl enhances security by preventing credential leakage during redirects and reinforces HTTPS standards.
Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to preve...

Summary

The libwww-perl collection is a set of Perl modules which provides a simple and

consistent application programming interface to the World-Wide Web. The main

focus of the library is to provide classes and functions that allow you to

write WWW clients. The library also contain modules that are of more general

use and even classes that help you implement simple HTTP servers.

Update Information:

Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.

Topics%20covered

Topics Covered

security advisory fedora critical http redirect credential leakage perl-libwww-perl

Change Log

* Tue May 19 2026 Michal Josef \u0160pa\u010dek - 6.83-1 - 6.83 bump

References


[ 1 ] Bug #2476481 - perl-libwww-perl-6.83 is available https://bugzilla.redhat.com/show_bug.cgi?id=2476481

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8d1333fb52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl-libwww-perl
Product: Fedora 44
Version: 6.83
Release: 1.fc44
URL: https://metacpan.org/release/libwww-perl
Summary: A Perl interface to the World-Wide Web

Topics%20covered

Topics Covered

security advisory fedora critical http redirect credential leakage perl-libwww-perl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here