Fedora 43 : perl-Catalyst-Plugin-Authentication (2026-af4f5feae8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-af4f5feae8 advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

DEBIAN-CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

[SECURITY] Fedora 43 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc43

This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...

[SECURITY] Fedora 42 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc42

This module lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported...

Fedora: Security Advisory (FEDORA-2025-d72429a1f8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : perl-Catalyst-Authentication-Credential-HTTP (2025-d72429a1f8)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d72429a1f8 advisory. This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID. Tenab...

CVE-2025-40920 Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...

PT-2025-32585

Name of the Vulnerable Software and Affected Versions: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier Description: The software generates nonces using the Perl Data::UUID library, which does not employ a strong cryptographic source for UUID generation. Data::UUID returns v3...