PerlMonks
CPAN clients exposed to sig-related vulnerabilities
by hippo (Bishop) on Nov 23, 2021 at 23:06 UTC
TL;DR - your CPAN client may be vulnerable to modified tarballs from untrusted mirrors (and will have been that way forever). Upgrade, force https, force signature verification and ensure it uses a trusted mirror by default. See the hackeriet.no post listing the vulnerabilities and this in-depth explanation of what is vulnerable and what to do about it. 🦛