CPAN clients exposed to sig-related vulnerabilities


P is for Practical
	PerlMonks

CPAN clients exposed to sig-related vulnerabilities

by hippo (Bishop)

on Nov 23, 2021 at 23:06 UTC ( [id://11139065]=perlnews: print w/replies, xml )

Need Help??

TL;DR - your CPAN client may be vulnerable to modified tarballs from untrusted mirrors (and will have been that way forever). Upgrade, force https, force signature verification and ensure it uses a trusted mirror by default.

See the hackeriet.no post listing the vulnerabilities and this in-depth explanation of what is vulnerable and what to do about it.

🦛

Comment on CPAN clients exposed to sig-related vulnerabilities

Replies are listed 'Best First'.
Re: CPAN clients exposed to sig-related vulnerabilities by marto (Cardinal) on Nov 24, 2021 at 09:42 UTC
previously....https://github.com/andk/cpanpm/pull/119 & rt://130819. And recently sometimes no Perl news is good news.	[reply]

Back to Perl News

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: perlnews [id://11139065]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others rifling through the Monastery: (4)

As of 2024-04-19 03:20 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found