ALSA-2026:30859

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:30859.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:30859
Related
  • CVE-2026-48962
Published
2026-06-29T00:00:00Z
Modified
2026-06-29T10:15:04.418017731Z
Summary
Important: perl-IO-Compress security update
Details

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 (i.e. gzip) and zip files/buffers. The following modules used to be distributed separately, but are now included with the IO-Compress distribution:

  • Compress-Zlib
  • IO-Compress-Zlib
  • IO-Compress-Bzip2
  • IO-Compress-Base

Security Fix(es):

  • perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob (CVE-2026-48962)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / perl-IO-Compress

Package

Name
perl-IO-Compress
Purl
pkg:rpm/almalinux/perl-IO-Compress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.102-4.el9_8.1

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:30859.json"