Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE Leap 16.0 perl-HTTP-Tiny Moderate Header Smuggling CVE-2026-7010

opensuse
Calendar Grey May 25, 2026
Dist Opensuse Esm H88
Solve vulnerability in perl-http-tiny with openSUSE security update for Leap 16.0 and ensure system stability.
An update that solves one vulnerability and has one bug fix can now be installed.

Description

This update for perl-HTTP-Tiny fixes the following issues:

Changes in perl-HTTP-Tiny:

- updated to 0.094

0.094

- No changes from 0.093-TRIAL

0.093

- fix to prevent invalid characters in all headers, and prevent header

smuggling (CVE-2026-7010) bsc#1264992

- updated to 0.092

0.092

- No changes from 0.091-TRIAL

0.091

[ADDED]

- Added keep_alive_timeout to force keepalive connections to be closed

based on a timeout.

[CHANGED]

- Optional tests are always required when releasing.

- Always use TCP_NODELAY option.

[FIXED]

- Fixed test incorrectly testing cookie jar interactions multiple times.

- Fixed perl version comparisons to work when not starting with 5.

- Fixed link to LIMITATIONS in documentation.

- updated to 0.090

0.090

- No changes from 0.089-TRIAL

0.089

[CHANGED]

- Find the certificate bundle via IO::Socket::SSL rather than implementing

it in...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

perl-HTTP-Tiny-0.094-bp160.1.1

References

* bsc#1264992

References:

* https://www.suse.com/security/cve/CVE-2026-7010.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20792-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here