Bug 13925

Summary: [CVE 21] perl 5.30.3 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: critical    
Priority: Highest CC: a.proklov, e.kosachev, pastordidi, s.matveev, v.potapov, y.tumanov
Version: AllFlags: v.potapov: qa_verified+
y.tumanov: secteam_verified+
a.proklov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2023-31484, CVE-2023-31486,
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Yury 2023-10-18 20:30:09 MSK 
Please patch CVEs for package perl version 5.30.3
  
INFO (CVEs are): perl 5.30.3
 cves found
CVE-2023-31484
Desc: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-31484
Severity: HIGH
CVE-2023-31486
Desc: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-31486
Severity: HIGH
Comment 1 Vladimir Potapov 2023-10-20 17:14:53 MSK 
*** Bug 13793 has been marked as a duplicate of this bug. ***
Comment 2 Vladimir Potapov 2023-10-20 17:15:08 MSK 
*** Bug 13569 has been marked as a duplicate of this bug. ***
Comment 3 Aleksandr Proklov 2023-11-07 15:15:31 MSK 
Уязвимости закрыты патчами.

perl	5.30.3-21

https://abf.io/build_lists/4816616 x64
https://abf.io/build_lists/4816617
https://abf.io/build_lists/4816618
https://abf.io/build_lists/4816620
https://abf.io/build_lists/4816621
Comment 4 Yury 2023-11-07 15:55:16 MSK 
secteam_verified
Comment 5 Dmitry Postnikov 2023-11-08 16:33:48 MSK 
*****************************
Обновление отослано в Тестинг
Comment 6 Vladimir Potapov 2023-11-14 10:15:28 MSK 
perl-5.30.3-21
https://abf.io/build_lists/4816616 x64
https://abf.io/build_lists/4816617
https://abf.io/build_lists/4816618
https://abf.io/build_lists/4816620
https://abf.io/build_lists/4816621
************************* Advisory ************************
CVE-2023-31484 CVE-2023-31486 closed by patches
***********************************************************
QA Verified