{"id":"MGASA-2025-0274","summary":"Updated perl packages fix security vulnerabilities","details":"CPAN.pm before 2.35 does not verify TLS certificates when downloading\ndistributions over HTTPS. (CVE-2023-31484)\nPerl is vulnerable to a heap buffer overflow when transliterating\nnon-ASCII bytes. (CVE-2024-56406)\nPerl threads have a working directory race condition where file\noperations may target unintended paths. (CVE-2025-40909)\n","modified":"2026-04-16T00:10:29.978868248Z","published":"2025-11-12T21:29:34Z","upstream":["CVE-2023-31484","CVE-2024-56406","CVE-2025-40909"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0274.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34209"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31852"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2023/04/29/1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6112-1"},{"type":"WEB","url":"https://openwall.com/lists/oss-security/2025/04/13/3"},{"type":"WEB","url":"https://lists.debian.org/debian-security-announce/2025/msg00064.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7434-1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USJDDXS5I35D7CEPDILLJIEUAZOXW7YF/"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2025/05/22/2"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2025/05/23/1"},{"type":"WEB","url":"https://openwall.com/lists/oss-security/2025/05/30/4"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2025/06/02/2"}],"affected":[{"package":{"name":"perl","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/perl?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.36.0-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0274.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}