Back

Fedora 43 and 44 Address Critical Vulnerabilities in Perl Modules

Severity: High (Score: 72.8)

Sources: Linuxsecurity

Published: 2026-06-05 · Updated: 2026-06-05

Keywords: update, charles, fedora, anderson, cve-2026, perl-extutils-builder-compiler, critical

Severity indicators: critical

Summary

Fedora has released important updates for version 43 and 44 addressing critical vulnerabilities in various Perl modules, including perl-Dist-Build and perl-ExtUtils-Builder. The updates are prompted by CVE-2026-8463, published on May 13, 2026, which affects systems using these modules. The vulnerabilities could potentially allow for denial-of-service attacks, impacting users of Fedora 43 and 44. Users are advised to apply the updates immediately using the 'dnf' package manager to mitigate risks. The updates include enhancements and fixes to ensure secure operations of the affected modules. The vulnerabilities were confirmed by Fedora's security team and are part of ongoing efforts to maintain system integrity. The updates are available as of June 5, 2026. Key Points: • Fedora 43 and 44 have released critical updates for Perl modules due to CVE-2026-8463. • The vulnerabilities could lead to denial-of-service attacks affecting Fedora users. • Users are urged to update their systems immediately using the 'dnf' package manager.

Detailed Analysis

**Impact** Users of Fedora versions 43 and 44 running Perl modules perl-Dist-Build, perl-ExtUtils-Builder, perl-Crypt-Argon2, and perl-ExtUtils-Builder-Compiler are affected by critical and medium severity vulnerabilities. These modules are widely used in software build and cryptographic operations, potentially impacting development environments and applications relying on secure password handling. No specific sectors or geographies are detailed, but the scope includes all Fedora 43 and 44 deployments utilizing these Perl components. **Technical Details** The vulnerabilities include a critical Denial of Service (DoS) flaw (CVE-2026-8463) in perl-Crypt-Argon2 and other unspecified critical CVEs in perl-Dist-Build and perl-ExtUtils-Builder modules. The attack vector involves exploitation of build process abstractions and cryptographic key derivation functions within these Perl modules. No malware, tools, or infrastructure details are provided, nor are there any IOCs or specific kill chain stages mentioned. **Recommended Response** Apply the Fedora advisories FEDORA-2026-f2c746ff8e for Fedora 43 and FEDORA-2026-dafdad8fd3 for Fedora 44 immediately using the "dnf upgrade" command to patch the affected Perl modules. Monitor build environments and cryptographic operations for anomalies. No additional detection or mitigation details are available; defenders should maintain vigilance for unusual activity related to Perl build tools and cryptographic functions.

Source articles (7)

  • Fedora version 43 issues advisory on critical vulnerability CVE-2026 — Linuxsecurity · 2026-06-05
    * Sun Mar 22 2026 Charles R. Anderson 0.020-1 - Update to 0.020 - add scan-perl-buildrequires.sh which uses scan-perl-prereqs from Perl::PrereqScanner - Update BR * Mon Jan 19 2026 Charles R. Anderson…
  • Fedora 43 perl-Dist-Build Important Update for CVE-2026 — Linuxsecurity · 2026-06-05
    * Sun Mar 22 2026 Charles R. Anderson 0.028-1 - Update to 0.028 - Update BR/Requires * Mon Jan 19 2026 Charles R. Anderson 0.025-1 - Update to 0.025 * Sat Jan 17 2026 Fedora Release Engineering - 0.02…
  • Fedora 43 perl-ExtUtils-Builder-Compiler Medium Threat Update CVE-2026 — Linuxsecurity · 2026-06-05
    * Sun Mar 22 2026 Charles R. Anderson 0.036-1 - Update to 0.036 * Mon Jan 19 2026 Charles R. Anderson 0.035-1 - Update to 0.035 * Mon Jan 19 2026 Charles R. Anderson 0.034-1 - Update to 0.034 * Sat Ja…
  • Fedora 43 perl-Crypt-Argon2 Significant Enhancement CVE-2026 — Linuxsecurity · 2026-06-05
    * Tue May 26 2026 Charles R. Anderson - 0.031-1 - Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463 * Sat Jan 17 2026 Fedora Release Engineering - 0.030-2 - Rebuilt for * Tue Aug 26 2025 Charles R…
  • Fedora 44 perl-Dist-Build Critical CVE-2026 — Linuxsecurity · 2026-06-05
    * Sun Mar 22 2026 Charles R. Anderson 0.028-1 - Update to 0.028 - Update BR/Requires * Sun Mar 22 2026 Charles R. Anderson 0.028-1 - Update to 0.028 - Update BR/Requires Fedora Update Notification FED…
  • Fedora 44 perl-ExtUtils-Builder Critical DoS Fix CVE-2026 — Linuxsecurity · 2026-06-05
    * Sun Mar 22 2026 Charles R. Anderson 0.020-1 - Update to 0.020 - add scan-perl-buildrequires.sh which uses scan-perl-prereqs from Perl::PrereqScanner - Update BR * Sun Mar 22 2026 Charles R. Anderson…
  • Fedora 44 perl-ExtUtils-Builder-Compiler Notice CVE-2026 — Linuxsecurity · 2026-06-05
    Fedora Update Notification FEDORA-2026-dafdad8fd3 2026-06-05 04:25:00.358941+00:00 Name : perl-ExtUtils-Builder-Compiler Product : Fedora 44 Version : 0.036 Release : 1.fc44 URL : Summary : Interface…

Timeline

  • 2026-05-13 — CVE-2026-8463 published: CVE-2026-8463 was disclosed, affecting various Perl modules in Fedora systems.
  • 2026-06-05 — Fedora releases updates for critical vulnerabilities: Fedora 43 and 44 issued updates for perl-Dist-Build and perl-ExtUtils-Builder to address CVE-2026-8463.

CVEs

  • CVE-2026-8463

Related entities

  • DDoS (Attack Type)
  • Fedora (Company)
  • Linux (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed