Updated perl-Config-IniFiles package fixes a security vulnerability
Publication date: 18 Jul 2026Modification date: 18 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-11527
Description
The updated package fixes a security vulnerability:
Config::IniFiles versions before 3.001000 for Perl allow OS command
injection and file overwrite via a 2-arg open() of the -file argument in
_make_filehandle. (CVE-2026-11527)
References
- https://bugs.mageia.org/show_bug.cgi?id=35701
- https://www.openwall.com/lists/oss-security/2026/06/14/5
- https://metacpan.org/release/SHLOMIF/Config-IniFiles-3.001000/changes
- https://ubuntu.com/security/notices/USN-8445-1
- https://lists.debian.org/debian-security-announce/2026/msg00265.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNV5NUG6UF4JCFTI7P253PPUETZTA4HE/
- https://www.cve.org/CVERecord?id=CVE-2026-11527
SRPMS
10/core
- perl-Config-IniFiles-3.0.3-3.1.mga10
9/core
- perl-Config-IniFiles-3.0.3-2.1.mga9