FEDORA-2018-ded377a782

security update in Fedora 28 for perl-Dancer2

Status: stable a year ago

Dancer2 0.206000 addresses several potential security issues.

There is a potential remote code execution (RCE) issue involving Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.
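An added illustration of the session ID check described above, not code from Dancer2 or from this advisory: a hypothetical file-backed store validates the ID against an allow-list before it builds a path or calls Storable's retrieve. The pattern, the length limit, the `.stor` suffix and the function names `validate_id` and `load_session` are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable qw(nstore retrieve);
use File::Temp qw(tempdir);
use File::Spec;

# Hypothetical allow-list (an assumption of this example, not taken from the
# advisory): letters, digits, '_', '-', '~', at most 128 characters.
# \A and \z anchor the whole string; '$' would also accept a trailing newline.
my $VALID_ID = qr/\A[A-Za-z0-9_~-]{1,128}\z/;

sub validate_id {
    my ($id) = @_;
    return (defined $id && !ref($id) && $id =~ $VALID_ID) ? 1 : 0;
}

# Validate first, so only well-formed IDs ever reach path construction
# and Storable::retrieve.
sub load_session {
    my ($dir, $id) = @_;
    return unless validate_id($id);
    my $file = File::Spec->catfile($dir, "$id.stor");
    return unless -f $file;
    my $data = eval { retrieve($file) };    # a corrupt file yields undef
    return ref($data) eq 'HASH' ? $data : undef;
}

# Constructed demo data: one stored session, then one well-formed ID and
# several malformed ones.
my $dir = tempdir(CLEANUP => 1);
nstore({ user => 'alice' }, File::Spec->catfile($dir, 'Wq3xZ9_demo-id.stor'));

for my $id ('Wq3xZ9_demo-id', 'a/b', "abc\n", 'id with space', '', 'x' x 200) {
    (my $shown = $id) =~ s/[^\x21-\x7e]/?/g;    # make the ID printable
    $shown = substr($shown, 0, 20);
    my $session = load_session($dir, $id);
    printf "%-24s %s\n", "'$shown'",
        $session ? "loaded (user=$session->{user})" : 'rejected';
}
```

Only the first ID is loaded; every other value is rejected before any file is opened.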

Request parsing now uses HTTP::Entity::Parser, which reduces the amount of code needed and does not require re-parsing the request body.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-ded377a782

Comments 6

This update has been submitted for testing by eseyman.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by eseyman.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0
stable threshold: 3
unstable threshold: -3
Autopush: Enabled
Dates: submitted a year ago; in testing a year ago; in stable a year ago

Related Bugs 1

#1569981 perl-Dancer2-0.206000 is available
