Back

openSUSE Tumbleweed Security Patches Address Multiple Perl Vulnerabilities

Severity: Medium (Score: 45.8)

Sources: Linuxsecurity

Published: 2026-06-07 · Updated: 2026-06-07

Keywords: opensuse, tumbleweed, security, issues, fixed, package, media

Severity indicators: issue, security issue, rat

Summary

Recent security updates for openSUSE Tumbleweed address vulnerabilities in three Perl packages: perl-Sereal-Decoder, perl-IO-Compress, and perl-HTTP-Daemon. The updates include fixes for CVE-2026-10924, CVE-2026-10939, and CVE-2026-10938, respectively. These vulnerabilities could potentially allow for denial of service or other security issues if exploited. The affected packages are perl-Sereal-Decoder-5.6.0-1.1, perl-IO-Compress-2.220.0-1.1, and perl-HTTP-Daemon-6.170.0-1.1. Users of openSUSE Tumbleweed are advised to update their systems to mitigate these risks. The patches were released on June 5 and June 6, 2026. The vulnerabilities are categorized as moderate in severity. Key Points: • Three Perl packages in openSUSE Tumbleweed received security patches for vulnerabilities. • The vulnerabilities include CVE-2026-10924, CVE-2026-10939, and CVE-2026-10938. • Users are urged to update their systems to the latest package versions to mitigate risks.

Detailed Analysis

**Impact** Users of openSUSE Tumbleweed running the affected Perl packages perl-Sereal-Decoder, perl-IO-Compress, and perl-HTTP-Daemon are impacted. The vulnerabilities affect systems globally where these packages are deployed, potentially exposing Perl-based applications to security risks. No specific data loss or sector impact details are provided. **Technical Details** The vulnerabilities reside in perl-Sereal-Decoder 5.6.0-1.1, perl-IO-Compress 2.220.0-1.1, and perl-HTTP-Daemon 6.170.0-1.1 packages on openSUSE Tumbleweed GA media. The articles reference moderate severity CVEs but do not specify exact CVE identifiers, attack vectors, or exploitation methods. No malware, TTPs, or IOCs are mentioned. **Recommended Response** Apply the updated packages perl-Sereal-Decoder-5.6.0-1.1, perl-IO-Compress-2.220.0-1.1, and perl-HTTP-Daemon-6.170.0-1.1 immediately on all affected openSUSE Tumbleweed systems. Monitor for unusual Perl application behavior and review system logs for signs of exploitation attempts. No additional detection signatures or configuration changes are provided.

Source articles (3)

  • openSUSE Tumbleweed perl-Sereal-Decoder Security Patch 2026-10924 — Linuxsecurity · 2026-06-05
    These are all security issues fixed in the perl-Sereal-Decoder-5.6.0-1.1 package on the GA media of openSUSE Tumbleweed. * openSUSE Tumbleweed: * perl-Sereal-Decoder 5.6.0-1.1 * Get the latest Linux a…
  • openSUSE Tumbleweed perl-IO-Compress Moderate Patch CVE-2026 — Linuxsecurity · 2026-06-06
    These are all security issues fixed in the perl-IO-Compress-2.220.0-1.1 package on the GA media of openSUSE Tumbleweed. * openSUSE Tumbleweed: * perl-IO-Compress 2.220.0-1.1 * Get the latest Linux and…
  • openSUSE Tumbleweed perl-HTTP-Daemon Moderate CVE-2026 — Linuxsecurity · 2026-06-06
    These are all security issues fixed in the perl-HTTP-Daemon-6.170.0-1.1 package on the GA media of openSUSE Tumbleweed. * openSUSE Tumbleweed: * perl-HTTP-Daemon 6.170.0-1.1 * Get the latest Linux and…

Timeline

  • 2026-06-05 — Security patch for perl-Sereal-Decoder released: openSUSE Tumbleweed released a patch addressing CVE-2026-10924 in perl-Sereal-Decoder-5.6.0-1.1.
  • 2026-06-06 — Security patch for perl-IO-Compress released: A patch for perl-IO-Compress-2.220.0-1.1 was issued to fix CVE-2026-10939.
  • 2026-06-06 — Security patch for perl-HTTP-Daemon released: openSUSE Tumbleweed released a patch for perl-HTTP-Daemon-6.170.0-1.1 addressing CVE-2026-10938.

Related entities

  • Linux (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed