Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Mageia: 2022-0078 Severe: Cpanminus Signature Verification Bypass

mageia
Calendar Grey February 22, 2022
Dist Mageia Esm H88
Recent enhancements to cpanminus packages from Mageia address a Signature Validation Flaw, made public on February 22, 2022.
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass

Summary

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. (CVE-2020-16154)

References

- https://bugs.mageia.org/show_bug.cgi?id=30019

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/

- https://www.cve.org/CVERecord?id=CVE-2020-16154

Topics%20covered

Topics Covered

security advisory security fix severe issue perl package signature bypass Mageia cpanminus

Resolution

SRPMS

- 8/core/cpanminus-1.704.500-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 22 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0078.html
Type: security
CVE: CVE-2020-16154

Topics%20covered

Topics Covered

security advisory security fix severe issue perl package signature bypass Mageia cpanminus

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here