Amazon Linux 2023: CVE-2023-31484: Important priority package update for perl (Multiple Advisories)

Amazon Linux 2023: CVE-2023-31484: Important priority package update for perl (Multiple Advisories)

Severity

7

CVSS

(AV:N/AC:H/Au:N/C:C/I:C/A:N)

Published

04/29/2023

Created

02/14/2025

Added

02/14/2025

Modified

02/14/2025

Description

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to `verify_SSL` missing when suing the `HTTP::Tiny` library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing confidentiality or integrity issues.

Solution(s)

• amazon-linux-2023-upgrade-perl
• amazon-linux-2023-upgrade-perl-attribute-handlers
• amazon-linux-2023-upgrade-perl-autoloader
• amazon-linux-2023-upgrade-perl-autosplit
• amazon-linux-2023-upgrade-perl-autouse
• amazon-linux-2023-upgrade-perl-b
• amazon-linux-2023-upgrade-perl-base
• amazon-linux-2023-upgrade-perl-b-debuginfo
• amazon-linux-2023-upgrade-perl-benchmark
• amazon-linux-2023-upgrade-perl-blib
• amazon-linux-2023-upgrade-perl-class-struct
• amazon-linux-2023-upgrade-perl-config-extensions
• amazon-linux-2023-upgrade-perl-cpan
• amazon-linux-2023-upgrade-perl-cpan-tests
• amazon-linux-2023-upgrade-perl-dbm-filter
• amazon-linux-2023-upgrade-perl-debugger
• amazon-linux-2023-upgrade-perl-debuginfo
• amazon-linux-2023-upgrade-perl-debugsource
• amazon-linux-2023-upgrade-perl-deprecate
• amazon-linux-2023-upgrade-perl-devel
• amazon-linux-2023-upgrade-perl-devel-peek
• amazon-linux-2023-upgrade-perl-devel-peek-debuginfo
• amazon-linux-2023-upgrade-perl-devel-selfstubber
• amazon-linux-2023-upgrade-perl-diagnostics
• amazon-linux-2023-upgrade-perl-dirhandle
• amazon-linux-2023-upgrade-perl-doc
• amazon-linux-2023-upgrade-perl-dumpvalue
• amazon-linux-2023-upgrade-perl-dynaloader
• amazon-linux-2023-upgrade-perl-encoding-warnings
• amazon-linux-2023-upgrade-perl-english
• amazon-linux-2023-upgrade-perl-errno
• amazon-linux-2023-upgrade-perl-extutils-constant
• amazon-linux-2023-upgrade-perl-extutils-embed
• amazon-linux-2023-upgrade-perl-extutils-miniperl
• amazon-linux-2023-upgrade-perl-fcntl
• amazon-linux-2023-upgrade-perl-fcntl-debuginfo
• amazon-linux-2023-upgrade-perl-fields
• amazon-linux-2023-upgrade-perl-file-basename
• amazon-linux-2023-upgrade-perl-filecache
• amazon-linux-2023-upgrade-perl-file-compare
• amazon-linux-2023-upgrade-perl-file-copy
• amazon-linux-2023-upgrade-perl-file-dosglob
• amazon-linux-2023-upgrade-perl-file-dosglob-debuginfo
• amazon-linux-2023-upgrade-perl-file-find
• amazon-linux-2023-upgrade-perl-filehandle
• amazon-linux-2023-upgrade-perl-file-stat
• amazon-linux-2023-upgrade-perl-filetest
• amazon-linux-2023-upgrade-perl-findbin
• amazon-linux-2023-upgrade-perl-gdbm-file
• amazon-linux-2023-upgrade-perl-gdbm-file-debuginfo
• amazon-linux-2023-upgrade-perl-getopt-std
• amazon-linux-2023-upgrade-perl-hash-util
• amazon-linux-2023-upgrade-perl-hash-util-debuginfo
• amazon-linux-2023-upgrade-perl-hash-util-fieldhash
• amazon-linux-2023-upgrade-perl-hash-util-fieldhash-debuginfo
• amazon-linux-2023-upgrade-perl-i18n-collate
• amazon-linux-2023-upgrade-perl-i18n-langinfo
• amazon-linux-2023-upgrade-perl-i18n-langinfo-debuginfo
• amazon-linux-2023-upgrade-perl-i18n-langtags
• amazon-linux-2023-upgrade-perl-if
• amazon-linux-2023-upgrade-perl-interpreter
• amazon-linux-2023-upgrade-perl-interpreter-debuginfo
• amazon-linux-2023-upgrade-perl-io
• amazon-linux-2023-upgrade-perl-io-debuginfo
• amazon-linux-2023-upgrade-perl-ipc-open3
• amazon-linux-2023-upgrade-perl-less
• amazon-linux-2023-upgrade-perl-lib
• amazon-linux-2023-upgrade-perl-libnetcfg
• amazon-linux-2023-upgrade-perl-libs
• amazon-linux-2023-upgrade-perl-libs-debuginfo
• amazon-linux-2023-upgrade-perl-locale
• amazon-linux-2023-upgrade-perl-locale-maketext-simple
• amazon-linux-2023-upgrade-perl-macros
• amazon-linux-2023-upgrade-perl-math-complex
• amazon-linux-2023-upgrade-perl-memoize
• amazon-linux-2023-upgrade-perl-meta-notation
• amazon-linux-2023-upgrade-perl-module-loaded
• amazon-linux-2023-upgrade-perl-mro
• amazon-linux-2023-upgrade-perl-mro-debuginfo
• amazon-linux-2023-upgrade-perl-ndbm-file
• amazon-linux-2023-upgrade-perl-ndbm-file-debuginfo
• amazon-linux-2023-upgrade-perl-net
• amazon-linux-2023-upgrade-perl-next
• amazon-linux-2023-upgrade-perl-odbm-file
• amazon-linux-2023-upgrade-perl-odbm-file-debuginfo
• amazon-linux-2023-upgrade-perl-opcode
• amazon-linux-2023-upgrade-perl-opcode-debuginfo
• amazon-linux-2023-upgrade-perl-open
• amazon-linux-2023-upgrade-perl-overload
• amazon-linux-2023-upgrade-perl-overloading
• amazon-linux-2023-upgrade-perl-ph
• amazon-linux-2023-upgrade-perl-pod-functions
• amazon-linux-2023-upgrade-perl-pod-html
• amazon-linux-2023-upgrade-perl-posix
• amazon-linux-2023-upgrade-perl-posix-debuginfo
• amazon-linux-2023-upgrade-perl-safe
• amazon-linux-2023-upgrade-perl-search-dict
• amazon-linux-2023-upgrade-perl-selectsaver
• amazon-linux-2023-upgrade-perl-selfloader
• amazon-linux-2023-upgrade-perl-sigtrap
• amazon-linux-2023-upgrade-perl-sort
• amazon-linux-2023-upgrade-perl-subs
• amazon-linux-2023-upgrade-perl-symbol
• amazon-linux-2023-upgrade-perl-sys-hostname
• amazon-linux-2023-upgrade-perl-sys-hostname-debuginfo
• amazon-linux-2023-upgrade-perl-term-complete
• amazon-linux-2023-upgrade-perl-term-readline
• amazon-linux-2023-upgrade-perl-test
• amazon-linux-2023-upgrade-perl-tests
• amazon-linux-2023-upgrade-perl-text-abbrev
• amazon-linux-2023-upgrade-perl-thread
• amazon-linux-2023-upgrade-perl-thread-semaphore
• amazon-linux-2023-upgrade-perl-tie
• amazon-linux-2023-upgrade-perl-tie-file
• amazon-linux-2023-upgrade-perl-tie-memoize
• amazon-linux-2023-upgrade-perl-time
• amazon-linux-2023-upgrade-perl-time-piece
• amazon-linux-2023-upgrade-perl-time-piece-debuginfo
• amazon-linux-2023-upgrade-perl-unicode-ucd
• amazon-linux-2023-upgrade-perl-user-pwent
• amazon-linux-2023-upgrade-perl-utils
• amazon-linux-2023-upgrade-perl-vars
• amazon-linux-2023-upgrade-perl-vmsish

References

• https://attackerkb.com/topics/cve-2023-31484
• CVE - 2023-31484
• https://alas.aws.amazon.com/AL2023/ALAS-2023-178.html
• https://alas.aws.amazon.com/AL2023/ALAS-2023-182.html