RHSA-2026:9605 - Security Advisory
Issued: 2026-04-22
Updated: 2026-04-22

Synopsis
Important: perl-XML-Parser security update

Type/Severity
Security Advisory: Important

Topic
An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.

Security Fix(es):
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes
BZ - 2448999 - CVE-2006-10003 perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
BZ - 2449001 - CVE-2006-10002 perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

CVEs
CVE-2006-10002
CVE-2006-10003

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Updated packages listed on the page, by architecture:
SRPM: perl-XML-Parser-2.46-9.el9_6.1.src.rpm
x86_64: perl-XML-Parser-2.46-9.el9_6.1.x86_64.rpm, perl-XML-Parser-debuginfo-2.46-9.el9_6.1.x86_64.rpm, perl-XML-Parser-debugsource-2.46-9.el9_6.1.x86_64.rpm
s390x: perl-XML-Parser-2.46-9.el9_6.1.s390x.rpm, perl-XML-Parser-debuginfo-2.46-9.el9_6.1.s390x.rpm, perl-XML-Parser-debugsource-2.46-9.el9_6.1.s390x.rpm
ppc64le: perl-XML-Parser-2.46-9.el9_6.1.ppc64le.rpm, perl-XML-Parser-debuginfo-2.46-9.el9_6.1.ppc64le.rpm, perl-XML-Parser-debugsource-2.46-9.el9_6.1.ppc64le.rpm
aarch64: perl-XML-Parser-2.46-9.el9_6.1.aarch64.rpm, perl-XML-Parser-debuginfo-2.46-9.el9_6.1.aarch64.rpm, perl-XML-Parser-debugsource-2.46-9.el9_6.1.aarch64.rpm

A critical memory corruption vulnerability (CVE-2006-10003, CVSS 9.8) and a high-severity heap corruption flaw (CVE-2006-10002, CVSS 7.5) in the perl-XML-Parser module allow denial of service and potential code execution via crafted, deeply nested XML input. The vulnerabilities affect all versions of XML::Parser prior to version 2.48. The fix requires applying the Red Hat security update to upgrade the affected package to the patched version.
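
A check for whether a host carries the fixed build, as an added example that is not part of the Red Hat advisory: it compares an installed version-release string against 2.46-9.el9_6.1 with a simplified rpm version comparison (no `~` or `^` handling) and shows why comparing only against upstream 2.48 misreports the backported build. The function names and sample inputs are assumptions of the example, and the comparison is meaningful only for hosts on the RHEL 9.6 streams this advisory covers.

```python
import re

# Fixed build shipped by this advisory for the RHEL 9.6 streams (from the package list).
FIXED = "2.46-9.el9_6.1"
# Upstream release the summary names as the first unaffected version.
UPSTREAM_FIXED = "2.48"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.
    Simplification of this example: the '~' and '^' modifiers are not handled."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def split_evr(evr):
    """'[epoch:]version-release' -> (epoch, version, release); a missing epoch is 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.rpartition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_patched(installed_evr):
    """True when the installed build is at or above the advisory's fixed build."""
    return evr_cmp(installed_evr, FIXED) >= 0

def upstream_only_check(installed_evr):
    """What a check that ignores backports concludes: 'vulnerable' below 2.48."""
    version = split_evr(installed_evr)[1]
    return "vulnerable" if rpmvercmp(version, UPSTREAM_FIXED) < 0 else "ok"

if __name__ == "__main__":
    # Constructed inputs, shaped like: rpm -q --qf '%{VERSION}-%{RELEASE}\n' perl-XML-Parser
    for evr in ("2.46-9.el9", "2.46-9.el9_6.1"):
        print(evr, "patched" if is_patched(evr) else "NOT patched",
              "| upstream-only check:", upstream_only_check(evr))
```

The fixed build still reports version 2.46, so inventory tooling should match on the full version-release string rather than on the upstream version number.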