Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 42 Advisory FEDORA-2025-30244ebfc7 critical: perl directory handling

fedora
Calendar Grey July 12, 2025
Dist Fedora Esm H88
This notice addresses an important issue in Fedora 42’s perl package, fixing CVE-2025-40910 related to file paths.
Fixes CVE-2025-40909 - Clone dirhandles without fchdir

Summary

Perl is a high-level programming language with roots in C, sed, awk and shell

scripting. Perl is good at handling processes and files, and is especially

good at handling text. Perl's hallmarks are practicality and efficiency.

While it is used to do a lot of different things, Perl's most common

applications are system administration utilities and web programming.

This is a metapackage with all the Perl bits and core modules that can be

found in the upstream tarball from perl.org.

If you need only a specific feature, you can install a specific package

instead. E.g. to handle Perl scripts with /usr/bin/perl interpreter,

install perl-interpreter package. See perl-interpreter description for more

details on the Perl decomposition into packages.

Update Information:

Fixes CVE-2025-40909 - Clone dirhandles without fchdir

Topics%20covered

Topics Covered

security advisory fedora critical perl fix directory handling

Change Log

* Wed Jul 9 2025 Jitka Plesnikova - 4:5.40.2-518 - Fixes: CVE-2025-40909 - Clone dirhandles without fchdir

References


[ 1 ] Bug #2369463 - CVE-2025-40909 perl: Perl threads have a working directory race condition where file operations may target unintended paths [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369463

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-30244ebfc7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl
Product: Fedora 42
Version: 5.40.2
Release: 518.fc42
URL: https://www.perl.org/
Summary: Practical Extraction and Report Language

Topics%20covered

Topics Covered

security advisory fedora critical perl fix directory handling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here