Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

openSUSE-SU-2026:20792-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceopenSUSE-SU-2026:20792-1

openSUSE-SU-2026:20792-1

UNKNOWN

Security update for perl-HTTP-Tiny

Published May 25, 2026

Modified 5 days ago

Fix available

Details

Description of the patch:

This update for perl-HTTP-Tiny fixes the following issues:

Changes in perl-HTTP-Tiny:

updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent header smuggling (CVE-2026-7010) bsc#1264992
updated to 0.092 0.092 - No changes from 0.091-TRIAL 0.091 [ADDED] - Added keep_alive_timeout to force keepalive connections to be closed based on a timeout. [CHANGED] - Optional tests are always required when releasing. - Always use TCP_NODELAY option. [FIXED] - Fixed test incorrectly testing cookie jar interactions multiple times. - Fixed perl version comparisons to work when not starting with 5. - Fixed link to LIMITATIONS in documentation.
updated to 0.090 0.090 - No changes from 0.089-TRIAL 0.089 [CHANGED] - Find the certificate bundle via IO::Socket::SSL rather than implementing it in HTTP::Tiny. - When encoding form data, given a hashref with an arrayref value, preserve the order of the values in the arrayref rather than sorting. [DOCS] - Fixed internal link to "TLS/SSL SUPPORT" section

Affected Packages

perl-HTTP-Tiny

openSUSE Leap 16.0

Fixed in:

0.094-bp160.1.1

References

https://bugzilla.suse.com/1264992

https://www.suse.com/security/cve/CVE-2026-7010/

https://www.suse.com/support/security/rating/

Upstream

Ecosystems

openSUSE Leap 16.0

Timeline

PublishedMay 25, 2026

ModifiedMay 25, 2026