Multiple CVEs Fixed in Fedora 44 perl-IO-Compress and perl-Compress-Raw-Bzip2

Fedora 44 has released updates for perl-IO-Compress and perl-Compress-Raw-Bzip2 to address multiple vulnerabilities. The updates fix CVE-2025-15649, CVE-2026-48959, CVE-2026-48961, and CVE-2026-48962, all published on 2026-05-27. CVE-2026-48962 has a proof of concept (PoC) available since 2026-06-10, allowing for arbitrary code execution via attacker-controlled output glob. CVE-2025-15649 and CVE-2026-48959 are associated with denial of service and CPU exhaustion issues, respectively. The updates were released on 2026-06-22 and are available for installation via the 'dnf' update program. Users are advised to apply these updates to mitigate potential exploitation risks.

Key Points: • Fedora 44 updates address multiple vulnerabilities in perl-IO-Compress and perl-Compress-Raw-Bzip2. • CVE-2026-48962 has an available proof of concept for arbitrary code execution. • Users are urged to apply updates released on 2026-06-22 to mitigate risks.