Advisories » MGASA-2026-0148

Updated perl-YAML-Syck package fixes security vulnerability

Publication date: 18 May 2026
Modification date: 18 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5089

Description

YAML::Syck versions before 1.38 for Perl have an out-of-bounds read.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35525
• https://www.openwall.com/lists/oss-security/2026/05/12/16
• https://metacpan.org/release/TODDR/YAML-Syck-1.45/source/Changes
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5089

SRPMS

9/core

• perl-YAML-Syck-1.450.0-1.mga9