https://bugzilla.redhat.com/show_bug.cgi?id=2035273
Bug ID: 2035273
Summary: CVE-2020-16156 perl-CPAN: allows Signature Verification Bypass
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: caswilli(a)redhat.com, hhorak(a)redhat.com,
jorton(a)redhat.com, jplesnik(a)redhat.com,
kaycoth(a)redhat.com, mspacek(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, ppisar(a)redhat.com
Target Milestone: ---
Classification: Other
It was found that cpan and cpanm are vulnerable to a signature verification
bypass. Additionally, CPAN::Checksums (used by PAUSE) does not uniquely
identify packages in the signed CHECKSUMS file, enabling a supply chain attack.
Reference:
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2035273
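The report above names two client-side failure modes for a signed checksum index: trusting content that the signature does not actually cover, and an index whose signed entries do not identify a package unambiguously. The block below is an added illustration of the checks a package client should make before using such an index; it is not code from CPAN.pm, cpanm or CPAN::Checksums and does not reproduce the specific flaws in those tools. It assumes a simplified manifest format (one "sha256  filename" line per package) and an HMAC-SHA256 tag standing in for the PGP clearsignature, and it models "does not uniquely identify" as a filename listed more than once; all three are simplifications chosen for the example, not details taken from the advisory. The sample packages and manifest are constructed inline.

```python
import hashlib
import hmac

# Constructed key shared by "index" and "client" for this example only; a real
# index signs with an asymmetric PGP key and the client holds the public half.
SIGNING_KEY = b"example-index-signing-key"

BEGIN = "-----BEGIN SIGNED MANIFEST-----"
SIG = "-----BEGIN SIGNATURE-----"
END = "-----END SIGNATURE-----"


class ManifestError(Exception):
    """Raised whenever the client must refuse to use the manifest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(body: str) -> str:
    """Index side: wrap the manifest body in a signed envelope."""
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{BEGIN}\n{body}\n{SIG}\n{tag}\n{END}\n"


def verify_manifest(text: str) -> dict:
    """Client side: return {filename: sha256} taken from the signed region only.

    Fails closed on a missing or bad signature, on any material outside the
    signed envelope, and on a filename that appears more than once.
    """
    lines = text.split("\n")
    try:
        b, s, e = lines.index(BEGIN), lines.index(SIG), lines.index(END)
    except ValueError:
        raise ManifestError("manifest is not signed") from None
    if not b < s < e:
        raise ManifestError("malformed signature framing")
    # Nothing before BEGIN or after END may carry data: a client that parses
    # the whole file instead of the signed region would trust it unsigned.
    if any(l.strip() for l in lines[:b] + lines[e + 1:]):
        raise ManifestError("unsigned data outside the signed region")
    body = "\n".join(lines[b + 1:s])
    tag = "\n".join(lines[s + 1:e]).strip()
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ManifestError("signature does not verify")
    entries = {}
    for line in body.split("\n"):
        if not line.strip():
            continue
        digest, sep, name = line.partition("  ")
        if not sep or len(digest) != 64 or not name:
            raise ManifestError(f"malformed entry: {line!r}")
        if name in entries:
            # Two entries for one name leave the client unable to say which
            # digest is authoritative; refuse rather than pick one.
            raise ManifestError(f"ambiguous entry for {name}")
        entries[name] = digest
    return entries


def check_download(manifest: dict, name: str, data: bytes) -> bool:
    """True only if `name` is listed and `data` hashes to its listed digest."""
    if name not in manifest:
        raise ManifestError(f"{name} is not listed in the signed manifest")
    return hmac.compare_digest(manifest[name], sha256_hex(data))


# Constructed sample packages and a manifest signed over them.
PACKAGES = {
    "Foo-Bar-1.00.tar.gz": b"constructed tarball bytes for Foo-Bar",
    "Baz-2.01.tar.gz": b"constructed tarball bytes for Baz",
}
GOOD_BODY = "\n".join(f"{sha256_hex(d)}  {n}" for n, d in PACKAGES.items())
GOOD_MANIFEST = sign_manifest(GOOD_BODY)


def rejects(text: str) -> bool:
    """True if the client refuses the manifest `text`."""
    try:
        verify_manifest(text)
        return False
    except ManifestError:
        return True


def run_checks() -> dict:
    """Exercise the accept path and each rejection path; every value should be True."""
    good = verify_manifest(GOOD_MANIFEST)
    baz = PACKAGES["Baz-2.01.tar.gz"]
    evil = b"constructed tampered tarball"
    return {
        "accepts_good": check_download(good, "Baz-2.01.tar.gz", baz),
        "rejects_tampered_download": not check_download(good, "Baz-2.01.tar.gz", evil),
        # An unsigned entry appended after the signature block.
        "rejects_trailing_unsigned": rejects(GOOD_MANIFEST + f"{sha256_hex(evil)}  Baz-2.01.tar.gz\n"),
        # A digest edited inside the signed body.
        "rejects_edited_body": rejects(GOOD_MANIFEST.replace(sha256_hex(baz), sha256_hex(evil))),
        # The same filename listed twice, correctly signed by the index.
        "rejects_duplicate_name": rejects(sign_manifest(GOOD_BODY + f"\n{sha256_hex(evil)}  Baz-2.01.tar.gz")),
        "rejects_unsigned": rejects(GOOD_BODY),
    }


if __name__ == "__main__":
    for check, ok in run_checks().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The order of operations is the point: the signature is checked over exactly the bytes that will be parsed, nothing outside the envelope is read at all, and an entry the index cannot vouch for unambiguously causes a refusal instead of a guess.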
https://bugzilla.redhat.com/show_bug.cgi?id=2369739
Bug ID: 2369739
Summary: CVE-2025-40908 perl-YAML-LibYAML: LibYAML Perl File Modification Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["f6dfca03-6fd2-4487-ac5c-839067edd0e2"]}
Component: perl-YAML-LibYAML
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: jplesnik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com,
mspacek(a)redhat.com, paul(a)city-fan.org,
perl-devel(a)lists.fedoraproject.org
Blocks: 2369630 (CVE-2025-40908)
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2369630
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2369630
[Bug 2369630] CVE-2025-40908 yaml-libyaml: LibYAML Perl File Modification Vulnerability
--
https://bugzilla.redhat.com/show_bug.cgi?id=2369737
Bug ID: 2369737
Summary: CVE-2025-40908 perl-YAML-LibYAML: LibYAML Perl File Modification Vulnerability [fedora-41]
Product: Fedora
Version: 41
Status: NEW
Whiteboard: {"flaws": ["f6dfca03-6fd2-4487-ac5c-839067edd0e2"]}
Component: perl-YAML-LibYAML
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: jplesnik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com,
mspacek(a)redhat.com, paul(a)city-fan.org,
perl-devel(a)lists.fedoraproject.org
Blocks: 2369630 (CVE-2025-40908)
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2369630
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2369630
[Bug 2369630] CVE-2025-40908 yaml-libyaml: LibYAML Perl File Modification Vulnerability
--