oss-sec mailing list archives
Re: CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
From: Jacob Bachmeyer <jcb62281 () gmail com>
Date: Sun, 29 Mar 2026 21:20:57 -0500
On 3/29/26 15:55, Stig Palmquist wrote:
> ========================================================================
> CVE-2026-4176                                        CPAN Security Group
> ========================================================================
> [...]
>
> Solutions
> ---------
>
> Update to Perl stable release 5.40.4 or 5.42.2 or later, which include
> Compress::Raw::Zlib 2.222.

You hint at the other solution under "Workarounds" but neglect to actually mention it here:

For *any* Perl version, simply install Compress::Raw::Zlib 2.222 from CPAN.

-- Jacob
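
An added example, not part of the thread or the advisory: a shell check that reports, for every `perl` found on `PATH`, whether the Compress::Raw::Zlib it loads is at least the fixed 2.222, independent of the Perl release. The function names are hypothetical, and versions are assumed to be Perl decimal versions.

```shell
#!/bin/sh
# Added example: report Compress::Raw::Zlib versions below the fixed 2.222.
FIXED=2.222   # fixed module version named in the advisory

# Print the module version seen by interpreter $1 (empty if not loadable).
crz_version() {
    "$1" -MCompress::Raw::Zlib -e 'print $Compress::Raw::Zlib::VERSION' 2>/dev/null
}

# Succeed when decimal version $1 is >= FIXED. Underscores (developer
# releases such as 2.000_13) are dropped before the numeric comparison.
is_fixed() {
    awk -v v="$1" -v f="$FIXED" 'BEGIN { gsub(/_/, "", v); exit !(v + 0 >= f + 0) }'
}

# Check every executable named "perl" on PATH; return 1 if any needs the update.
audit_perls() {
    status=0
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        perl_bin="${dir:-.}/perl"
        [ -f "$perl_bin" ] && [ -x "$perl_bin" ] || continue
        ver=$(crz_version "$perl_bin") || ver=
        if [ -z "$ver" ]; then
            echo "$perl_bin: Compress::Raw::Zlib not loadable"
        elif is_fixed "$ver"; then
            echo "$perl_bin: Compress::Raw::Zlib $ver (ok)"
        else
            echo "$perl_bin: Compress::Raw::Zlib $ver (below $FIXED, install from CPAN)"
            status=1
        fi
    done
    IFS=$old_ifs
    return $status
}

audit_perls || echo "At least one interpreter loads a module older than $FIXED."
```

Interpreters outside `PATH` (application-bundled or perlbrew-managed builds) have their own module trees and need the same check run against them with `crz_version`.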
