Amazon ALAS2-2023-2094
History: Jun 21, 2023 - 7:11 p.m.

Important: perl-Pod-Perldoc

2023-06-21 19:11:00
Source: alas.aws.amazon.com
Tags: http::tiny, tls configuration, certificates, update, perl, insecure, cve-2023-31486, amazon linux 2, red hat, mitre

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 68.9%)

Issue Overview:

HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486)

Affected Packages:

perl-Pod-Perldoc

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update perl-Pod-Perldoc to update your system.

New Packages:

noarch:  
    perl-Pod-Perldoc-3.20-4.amzn2.0.1.noarch  
  
src:  
    perl-Pod-Perldoc-3.20-4.amzn2.0.1.src  

Additional References

Red Hat: CVE-2023-31486

Mitre: CVE-2023-31486

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | noarch | perl-pod-perldoc | < 3.20-4.amzn2.0.1 | perl-Pod-Perldoc-3.20-4.amzn2.0.1.noarch.rpm |
