MGASA-2026-0158
- Source
- https://advisories.mageia.org/MGASA-2026-0158.html
- Import Source
- https://advisories.mageia.org/MGASA-2026-0158.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2026-0158
- Upstream
- Published
- 2026-05-29T05:12:50Z
- Modified
- 2026-05-29T05:15:05.198800246Z
- Summary
- Updated perl-IO-Compress package fixes security vulnerabilities
- Details
-
The updated package fixes security vulnerabilities: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. (CVE-2025-15649) IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. (CVE-2026-48959) IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. (CVE-2026-48962)
- References
-
- https://advisories.mageia.org/MGASA-2026-0158.html
- https://bugs.mageia.org/show_bug.cgi?id=35593
- https://www.openwall.com/lists/oss-security/2026/05/27/1
- https://www.openwall.com/lists/oss-security/2026/05/27/2
- https://www.openwall.com/lists/oss-security/2026/05/27/3
- https://www.openwall.com/lists/oss-security/2026/05/27/4
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / perl-IO-Compress
Package
- Name
- perl-IO-Compress
- Purl
- pkg:rpm/mageia/perl-IO-Compress?arch=source&distro=mageia-9