Advisories » MGASA-2025-0275

Updated perl-YAML-LibYAML packages fix security vulnerability

Publication date: 12 Nov 2025
Modification date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40908

Description

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing
existing files to be modified. (CVE-2025-40908)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34448
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HKC72252CNE2PZENAI7UN24YB5X2Z5EK/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40908

SRPMS

9/core

• perl-YAML-LibYAML-0.860.0-1.1.mga9