Red Hat Product Errata RHSA-2026:9246 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9246 - Security Advisory Overview Updated Packages Synopsis Important: perl-XML-Parser security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time. Security Fix(es): perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003) perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2448999 - CVE-2006-10003 perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files BZ - 2449001 - CVE-2006-10002 perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input CVEs CVE-2006-10002 CVE-2006-10003 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM perl-XML-Parser-2.46-9.el9_0.1.src.rpm SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58 ppc64le perl-XML-Parser-2.46-9.el9_0.1.ppc64le.rpm SHA-256: 7a7cbc4b1533a6e5816508f2570a8ca852a6572e31943a8b4ca9ec6d69d988e8 perl-XML-Parser-debuginfo-2.46-9.el9_0.1.ppc64le.rpm SHA-256: e379d07020025bfeab413799aac5f8ac24e9d262a8d6979f3b6b7226f9fe98c5 perl-XML-Parser-debugsource-2.46-9.el9_0.1.ppc64le.rpm SHA-256: 22fd00ebec6905c8b100e1352a60b8ab7e171ce24870c5e3d9e088d0f4197e23 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM perl-XML-Parser-2.46-9.el9_0.1.src.rpm SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58 x86_64 perl-XML-Parser-2.46-9.el9_0.1.x86_64.rpm SHA-256: aa05f3a64ed0610d2e5bd05b58d9207c64cdf29652e141888278e8ade29c3c59 perl-XML-Parser-debuginfo-2.46-9.el9_0.1.x86_64.rpm SHA-256: ecffe2ef59aa687f4aa8f4aff523b8fb39f0e5e100c48c9bd669b349b7e5b88b perl-XML-Parser-debugsource-2.46-9.el9_0.1.x86_64.rpm SHA-256: 8902f124c11771d0560878fb30c33b26c1b66a18b3a945acf72fafdb3365346b Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM perl-XML-Parser-2.46-9.el9_0.1.src.rpm SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58 aarch64 perl-XML-Parser-2.46-9.el9_0.1.aarch64.rpm SHA-256: 1d108379f009304bde4e40d83772add66b829e751985fe58a9f0d6ee72ad61f7 perl-XML-Parser-debuginfo-2.46-9.el9_0.1.aarch64.rpm SHA-256: ff125b982c42ff8f98ff0c5736e4981e07bf84b601ac0e9d60cbdfbfd4c3e399 perl-XML-Parser-debugsource-2.46-9.el9_0.1.aarch64.rpm SHA-256: 0a423a6981515f8e27849e474ee5b21efa5989cb34c5b73ecad00b66bb6c39b0 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM perl-XML-Parser-2.46-9.el9_0.1.src.rpm SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58 s390x perl-XML-Parser-2.46-9.el9_0.1.s390x.rpm SHA-256: bdbd2f686bc35c5dfe8f3824fcaf437a390e9d9f1671ffa5e213fa02364c0980 perl-XML-Parser-debuginfo-2.46-9.el9_0.1.s390x.rpm SHA-256: 433a7e0169de01c6a7c34bfd3cf85ab55bbec2020edf6c329bfd44a48ccc22ca perl-XML-Parser-debugsource-2.46-9.el9_0.1.s390x.rpm SHA-256: ae43143fde5234c77fb72fd096349a337152456da8ee23ad027ac550d319261d The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .