Alerts This Week
Warning Icon 1 1,102
Alerts This Week
Warning Icon 1 1,102

Fedora 44 perl-IO-Compress Important Denial of Service Vulnerability Fix

fedora
Calendar Grey June 25, 2026
Dist Fedora Esm H88
Important advisory for Fedora 44 on perl-IO-Compress addressing denial of service and arbitrary code execution issues.
perl-Compress-Taw-Bzip2 - Updated to 2.218 perl-IO-Compress - Updated to 2.221 - Fix CVE-2025-15649, CVE-2026-48959, CVE-2026-48961, CVE-2026-48962

Summary

This distribution provides a Perl interface to allow reading and writing of

compressed data created with the zlib and bzip2 libraries.

IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951,

RFC 1952 (i.e. gzip) and zip files/buffers.

The following modules used to be distributed separately, but are now

included with the IO-Compress distribution:

* Compress-Zlib

* IO-Compress-Zlib

* IO-Compress-Bzip2

* IO-Compress-Base

Update Information:

perl-Compress-Taw-Bzip2 - Updated to 2.218 perl-IO-Compress - Updated to 2.221 - Fix CVE-2025-15649, CVE-2026-48959, CVE-2026-48961, CVE-2026-48962

Topics%20covered

Topics Covered

security advisory denial of service fedora arbitrary code execution important perl

Change Log

* Mon Jun 22 2026 Jitka Plesnikova - 2.221-1 - 2.221 bump (rhbz#2489325) Fixed CVE-2026-48961, CVE-2026-48962, CVE-2026-48959

References


[ 1 ] Bug #2445591 - perl-Compress-Raw-Bzip2-2.218 is available https://bugzilla.redhat.com/show_bug.cgi?id=2445591 [ 2 ] Bug #2483254 - CVE-2026-48962 perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2483254 [ 3 ] Bug #2489171 - CVE-2025-15649 perl-IO-Compress: perl-IO-Compress: Denial of Service via malformed DOS date in zip header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489171 [ 4 ] Bug #2489766 - CVE-2026-48961 perl-IO-Compress: IO::Compress: Denial of Service in zipdetails CLI tool via malformed Info-ZIP Unix Extra Field [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489766 [ 5 ] Bug #2489781 - CVE-2026-48959 perl-IO-Compress: perl-IO-Compress: CPU exhaustion via per-byte read loop in fastForward [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489781

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7ecfdcf0e3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: perl-IO-Compress
Product: Fedora 44
Version: 2.221
Release: 1.fc44
URL: https://metacpan.org/release/IO-Compress
Summary: Read and write compressed data

Topics%20covered

Topics Covered

security advisory denial of service fedora arbitrary code execution important perl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here