Fedora 43 released two new security advisories, updating the perl-DBI and perl-Socket modules to address critical flaws. The perl-DBI bump to version 1.648 resolves CVE-2026-9698, which allows an attacker to execute arbitrary code via a buffer overflow in error handling, alongside the fix for CVE-2026-10879. Meanwhile, perl-Socket advances to 2.041 to close CVE-2026-12087, an out-of-bounds read that leaks information through a bug in the pack_ip_mreq_source() function.

[SECURITY] Fedora 43 Update: perl-DBI-1.648-1.fc43
[SECURITY] Fedora 43 Update: perl-Socket-2.041-1.fc43

[SECURITY] Fedora 43 Update: perl-DBI-1.648-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d74dd170ab
2026-06-30 01:07:43.641027+00:00
--------------------------------------------------------------------------------

Name : perl-DBI
Product : Fedora 43
Version : 1.648
Release : 1.fc43
URL : http://dbi.perl.org/
Summary : A database access API for perl
Description :
DBI is a database access Application Programming Interface (API) for
the Perl Language. The DBI API Specification defines a set of
functions, variables and conventions that provide a consistent
database interface independent of the actual database being used.

--------------------------------------------------------------------------------
Update Information:

Update to 1.648; Fix CVE-2026-9698 and CVE-2026-10879
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 4 2026 Jitka Plesnikova [jplesnik@redhat.com] - 1.648-1
- 1.648 bump (rhbz#2484824)
- Fix CVE-2026-9698 and CVE-2026-10879
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2488910 - CVE-2026-9698 perl-DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488910
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d74dd170ab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-Socket-2.041-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7df6c5acad
2026-06-30 01:07:43.641030+00:00
--------------------------------------------------------------------------------

Name : perl-Socket
Product : Fedora 43
Version : 2.041
Release : 1.fc43
URL : https://metacpan.org/release/Socket
Summary : Networking constants and support functions
Description :
This Perl module provides a variety of constants, structure manipulators and
other functions related to socket-based networking. The values and functions
provided are useful when used in conjunction with Perl core functions such as
socket(), setsockopt() and bind(). It also provides several other support
functions, mostly for dealing with conversions of network addresses between
human-readable and native binary forms, and for hostname resolver operations.

--------------------------------------------------------------------------------
Update Information:

2.041- BUGFIXES - Fix reuse of STRLEN len variable in pack_ip_mreq_source()
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 27 2026 Jitka Plesnikova [jplesnik@redhat.com] - 4:2.041-1
- 2.041 bump (rhbz#2461914)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2489098 - CVE-2026-12087 perl-Socket: perl-Socket: Information Disclosure due to Out-of-Bounds Read [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489098
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7df6c5acad' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new