This Important update addresses two vulnerabilities (CVE-2006-10002 and CVE-2006-10003) in the perl-XML-Parser module where crafted or deeply nested XML input can cause heap corruption, memory corruption, and denial of service. The CVSS scores are 7.5 (High) and 9.8 (Critical), respectively. Affected versions are those prior to 2.48, and the fix is to upgrade to perl-XML-Parser version 2.48.
Red Hat Product Errata RHSA-2026:9110 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:9110 - Security Advisory Overview Updated Packages Synopsis Important: perl-XML-Parser security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time. Security Fix(es): perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003) perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2448999 - CVE-2006-10003 perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files BZ - 2449001 - CVE-2006-10002 perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input CVEs CVE-2006-10002 CVE-2006-10003 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 x86_64 perl-XML-Parser-2.47-6.el10_0.1.x86_64.rpm SHA-256: e4a210c320578f89c60a9fba8cfa1484c12eb0d6f7696a577b80c7a9922da320 perl-XML-Parser-debuginfo-2.47-6.el10_0.1.x86_64.rpm SHA-256: 40d1c05547507fd751939145a0e74f1f2d9453488b4936db430080f1aa904cc2 perl-XML-Parser-debugsource-2.47-6.el10_0.1.x86_64.rpm SHA-256: 60608c65e668aa51b83bc325870e05322da38700da58fce1b3a0e039214a9cfd Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 s390x perl-XML-Parser-2.47-6.el10_0.1.s390x.rpm SHA-256: 6d7c07a71f332239862df990584c53bf6e80992c8828cee2ade342f51f84cbfe perl-XML-Parser-debuginfo-2.47-6.el10_0.1.s390x.rpm SHA-256: e56d96b5f6aeffadc8f91632ebbd4a0a65d1b21e9a7c4cbcbd000650590c231e perl-XML-Parser-debugsource-2.47-6.el10_0.1.s390x.rpm SHA-256: 10dd73b830cd12ca41bef1eea94679944f3b6a5404b21a77d580f26786e8802f Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 ppc64le perl-XML-Parser-2.47-6.el10_0.1.ppc64le.rpm SHA-256: 6172eecc182c7bbbc5f155baf45705884251a91f805353433c3e882975b87c7b perl-XML-Parser-debuginfo-2.47-6.el10_0.1.ppc64le.rpm SHA-256: 4d3427d40048c489546cff463bcc5da53276d5597b9e43e227b301f755b824a2 perl-XML-Parser-debugsource-2.47-6.el10_0.1.ppc64le.rpm SHA-256: db193c11a63a20fb8a37d0c2a724819171f2a400561b91cb9855b865c34d6ba9 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 aarch64 perl-XML-Parser-2.47-6.el10_0.1.aarch64.rpm SHA-256: 720dc96214d779b402d619dc2f18f14b4bea37a093df77927fb9ac6b86bf8a10 perl-XML-Parser-debuginfo-2.47-6.el10_0.1.aarch64.rpm SHA-256: 7d85ff4a5681016947c5d202275340d9819fc370c3ed436e49b5783cd99d3d0d perl-XML-Parser-debugsource-2.47-6.el10_0.1.aarch64.rpm SHA-256: dca13f9bee31468a850bd559f78d9d8e178d0f8ef6c587bafccf0c9bac63c38f Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 aarch64 perl-XML-Parser-2.47-6.el10_0.1.aarch64.rpm SHA-256: 720dc96214d779b402d619dc2f18f14b4bea37a093df77927fb9ac6b86bf8a10 perl-XML-Parser-debuginfo-2.47-6.el10_0.1.aarch64.rpm SHA-256: 7d85ff4a5681016947c5d202275340d9819fc370c3ed436e49b5783cd99d3d0d perl-XML-Parser-debugsource-2.47-6.el10_0.1.aarch64.rpm SHA-256: dca13f9bee31468a850bd559f78d9d8e178d0f8ef6c587bafccf0c9bac63c38f Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 s390x perl-XML-Parser-2.47-6.el10_0.1.s390x.rpm SHA-256: 6d7c07a71f332239862df990584c53bf6e80992c8828cee2ade342f51f84cbfe perl-XML-Parser-debuginfo-2.47-6.el10_0.1.s390x.rpm SHA-256: e56d96b5f6aeffadc8f91632ebbd4a0a65d1b21e9a7c4cbcbd000650590c231e perl-XML-Parser-debugsource-2.47-6.el10_0.1.s390x.rpm SHA-256: 10dd73b830cd12ca41bef1eea94679944f3b6a5404b21a77d580f26786e8802f Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 ppc64le perl-XML-Parser-2.47-6.el10_0.1.ppc64le.rpm SHA-256: 6172eecc182c7bbbc5f155baf45705884251a91f805353433c3e882975b87c7b perl-XML-Parser-debuginfo-2.47-6.el10_0.1.ppc64le.rpm SHA-256: 4d3427d40048c489546cff463bcc5da53276d5597b9e43e227b301f755b824a2 perl-XML-Parser-debugsource-2.47-6.el10_0.1.ppc64le.rpm SHA-256: db193c11a63a20fb8a37d0c2a724819171f2a400561b91cb9855b865c34d6ba9 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM perl-XML-Parser-2.47-6.el10_0.1.src.rpm SHA-256: 86272852cf4caf5a19d3334f6e03b57f7c7666c05ed5853854ebb59d07477697 x86_64 perl-XML-Parser-2.47-6.el10_0.1.x86_64.rpm SHA-256: e4a210c320578f89c60a9fba8cfa1484c12eb0d6f7696a577b80c7a9922da320 perl-XML-Parser-debuginfo-2.47-6.el10_0.1.x86_64.rpm SHA-256: 40d1c05547507fd751939145a0e74f1f2d9453488b4936db430080f1aa904cc2 perl-XML-Parser-debugsource-2.47-6.el10_0.1.x86_64.rpm SHA-256: 60608c65e668aa51b83bc325870e05322da38700da58fce1b3a0e039214a9cfd The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .