Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Mageia perl-Config-IniFiles Important Command Injection Fix CVE-2026-11527

mageia
Calendar Grey July 18, 2026
Scroller Mageia
A security update for Mageia addresses a critical vulnerability in perl-Config-IniFiles allowing command injection.
Security update

Summary

Description: The updated package fixes a security vulnerability: Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. (CVE-2026-11527)

References

- https://bugs.mageia.org/show_bug.cgi?id=35701

- https://www.openwall.com/lists/oss-security/2026/06/14/5

- https://metacpan.org/release/SHLOMIF/Config-IniFiles-3.001000/changes

- https://ubuntu.com/security/notices/USN-8445-1

- https://lists.debian.org/debian-security-announce/2026/msg00265.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNV5NUG6UF4JCFTI7P253PPUETZTA4HE/

- https://www.cve.org/CVERecord?id=CVE-2026-11527

Resolution

SRPMS

- 10/core/perl-Config-IniFiles-3.0.3-3.1.mga10

- 9/core/perl-Config-IniFiles-3.0.3-2.1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 18 Jul 2026 
URL: https://advisories.mageia.org/MGASA-2026-0263.html
Type: security
CVE: CVE-2026-11527

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.