Lucene search

K
amazonAmazonALAS-2023-1751
HistoryMay 25, 2023 - 5:41 p.m.

Important: perl

2023-05-2517:41:00
alas.aws.amazon.com
21
http::tiny
tls configuration
perl
cve-2023-31484
yum update

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.004

Percentile

74.0%

Issue Overview:

HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31484)

Affected Packages:

perl

Issue Correction:
Run yum update perl to update your system.

New Packages:

i686:  
    perl-libs-5.16.3-294.44.amzn1.i686  
    perl-devel-5.16.3-294.44.amzn1.i686  
    perl-debuginfo-5.16.3-294.44.amzn1.i686  
    perl-macros-5.16.3-294.44.amzn1.i686  
    perl-tests-5.16.3-294.44.amzn1.i686  
    perl-5.16.3-294.44.amzn1.i686  
    perl-Time-Piece-1.20.1-294.44.amzn1.i686  
    perl-core-5.16.3-294.44.amzn1.i686  
  
noarch:  
    perl-ExtUtils-CBuilder-0.28.2.6-294.44.amzn1.noarch  
    perl-Module-Loaded-0.08-294.44.amzn1.noarch  
    perl-Pod-Escapes-1.04-294.44.amzn1.noarch  
    perl-CPAN-1.9800-294.44.amzn1.noarch  
    perl-IO-Zlib-1.10-294.44.amzn1.noarch  
    perl-Locale-Maketext-Simple-0.21-294.44.amzn1.noarch  
    perl-ExtUtils-Install-1.58-294.44.amzn1.noarch  
    perl-ExtUtils-Embed-1.30-294.44.amzn1.noarch  
    perl-Package-Constants-0.02-294.44.amzn1.noarch  
    perl-Object-Accessor-0.42-294.44.amzn1.noarch  
    perl-Module-CoreList-2.76.02-294.44.amzn1.noarch  
  
src:  
    perl-5.16.3-294.44.amzn1.src  
  
x86_64:  
    perl-debuginfo-5.16.3-294.44.amzn1.x86_64  
    perl-5.16.3-294.44.amzn1.x86_64  
    perl-macros-5.16.3-294.44.amzn1.x86_64  
    perl-libs-5.16.3-294.44.amzn1.x86_64  
    perl-tests-5.16.3-294.44.amzn1.x86_64  
    perl-Time-Piece-1.20.1-294.44.amzn1.x86_64  
    perl-devel-5.16.3-294.44.amzn1.x86_64  
    perl-core-5.16.3-294.44.amzn1.x86_64  

Additional References

Red Hat: CVE-2023-31484

Mitre: CVE-2023-31484

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.004

Percentile

74.0%