Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 25.10 Perl Critical Denial of Service Fix USN-8467-2

ubuntu
Calendar Grey July 3, 2026
Dist Ubuntu Esm H88
Critical Perl security update for Ubuntu 25.10 addresses multiple issues including DoS and file access vulnerabilities.
Several security issues were fixed in Perl.

Summary

Several security issues were fixed in Perl.

Software Description:

- perl: Practical Extraction and Report Language

Details:

USN-8467-1 fixed vulnerabilities in Perl. This update provides the

corresponding fix for Perl on Ubuntu 25.10.

Original advisory details:

It was discovered that Perl's Archive::Tar module incorrectly handled

symlink and hardlink targets during extraction. An attacker could use this

issue to read or overwrite arbitrary files outside the extraction

directory. (CVE-2026-42496)

It was discovered that Perl had a heap buffer overflow when compiling

regular expressions with a repeated fixed string on 32-bit builds. An

attacker could use this issue to cause a denial of service or possibly

execute arbitrary code. (CVE-2026-8376)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libperl-dev                     5.40.1-6ubuntu0.1
  libperl5.40                     5.40.1-6ubuntu0.1
  perl                            5.40.1-6ubuntu0.1
  perl-base                       5.40.1-6ubuntu0.1
  perl-debug                      5.40.1-6ubuntu0.1
  perl-modules-5.40               5.40.1-6ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8467-2

https://ubuntu.com/security/notices/USN-8467-1

CVE-2026-42496, CVE-2026-8376

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8467-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here