Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

CPAN clients exposed to sig-related vulnerabilities

by hippo (Bishop)
on Nov 23, 2021 at 23:06 UTC ( #11139065=perlnews: print w/replies, xml ) Need Help??

TL;DR - your CPAN client may be vulnerable to modified tarballs from untrusted mirrors (and will have been that way forever). Upgrade, force https, force signature verification and ensure it uses a trusted mirror by default.

See the hackeriet.no post listing the vulnerabilities and this in-depth explanation of what is vulnerable and what to do about it.


🦛

  • Comment on CPAN clients exposed to sig-related vulnerabilities

Replies are listed 'Best First'.
Re: CPAN clients exposed to sig-related vulnerabilities
by marto (Cardinal) on Nov 24, 2021 at 09:42 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlnews [id://11139065]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (2)
As of 2021-12-04 18:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    R or B?



    Results (30 votes). Check out past polls.

    Notices?