-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4538-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler April 18, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : perl Version : 5.32.1-4+deb11u5 CVE ID : CVE-2025-40909 Debian Bug : 1098226 Vincent Lefèvre discovered that, in the Perl programming language, at thread creation the current directory may temporarily change in other threads, altering file accesses. Under some conditions, a local attacker may leverage this to access unauthorized data or even inject arbitrary code. For Debian 11 bullseye, this problem has been fixed in version 5.32.1-4+deb11u5. We recommend that you upgrade your perl packages. For the detailed security status of perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmnjS+cACgkQDTl9HeUl XjBBJw/6A7WoZ+c8VzWShoi00tiuZiYKWTAS2yb3wjthV0vZvuWfjpKuQS2juWpA dl/Mt4kqqsEnXIIG9DMreNDlQxbEAC+E6VtHWAG4nKf6dXD2cATZa8vU+WagLdAU kUg46mLYwxniQPrhy7lahGe6WRkkeGCbq8Zz0xkp7TZJjI8mcs2CBtY1e2wXDH0+ Kb7AYyQmGHqfcKet++7EGXZevLOOlXWt6VTJEcxl/LlNSQ1wWsYCqbtvXvjZCYNB QKz8teRm1TwzWbwgXU31SA72VZCn+X3TK6xnAXuzlgAELyoEkwfaNk2I4kRhR+ZM I9r2kHQEUTo8sIwSX87V/latL4mUAtlQt3n8vlrxJlliO/LPfUZdS1LZ3vEIexHh dL5rvYH5c7kAF8D7qSVAvEC3WNWvNFokvg3qdl0BTInABWGSilsPz/mh+I0D+Lcv pO5Vq3Zi4ysEFPryw6sfVQwqEwYR9IX5BeE4sEFLzEUtiRog5J87tke820QNrHGd xNggPfwnPnZoYAgoErN3wQKvmEHaeH2oQBQ5t0+FjfCmbZ0zwgrvhmxMXmaaLYMu jJksePQNp3UqELpAI42IenVMWz/6QjJUx8la4lA6oNuR6fRlVXo+YdRIDxuiLf7W LACKb9z0sOrnMY4bJ7aQcw5rtfCpDHKgYnQ2z7S6mF1Pah7gwWE= =b1JU -----END PGP SIGNATURE-----
