Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Critical Integer Overflow Vulnerability in perl-Cpanel-JSON-XS on Fedora 42

This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON (CVE-2025-40929).. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-f4f4dae8f2 2025-09-18 00:55:58.913935+00:00 -------------------------------------------------------------------------------- Name : perl-Cpanel-JSON-XS Product : Fedora 42 Version : 4.40 Release : 1.fc42 URL : https://metacpan.org/release/Cpanel-JSON-XS Summary : JSON::XS for Cpanel, fast and correct serializing Description : This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. -------------------------------------------------------------------------------- Update Information: This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON (CVE-2025-40929). -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 9 2025 Paul Howarth - 4.40-1 - Update to 4.40 - Fix overflow with overlong numbers, fuzzing only (CVE-2025-40929) - Detect more malformed numbers, with two decimal points - Pin Github actions to latest @v via pinact run -u * Fri Jul 25 2025 Fedora Release Engineering - 4.39-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jul 8 2025 Jitka Plesnikova - 4.39-4 - Perl 5.42 re-rebuild of bootstrapped packages * Mon Jul 7 2025 Jitka Plesnikova - 4.39-3 - Perl 5.42 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2393917 - CVE-2025-40929 perl-Cpanel-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2393917 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f4f4dae8f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 42 has upgraded the Cpanel-JSON-XS package to fix an integer overflow vulnerability that could affect JSON data handling. Update now for improved security and validation. Fedora 42, perl-Cpanel-JSON-XS, integer overflow, security update. . Severity: Critical. LinuxSecurity.com Team

Sep 18, 2025 •Critical Fedora