Fedora Account System
Red Hat Associate
Red Hat Customer
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl. Arbitrary Perl in the output glob executes at the calling process's privilege.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:29210 https://access.redhat.com/errata/RHSA-2026:29210
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:29182 https://access.redhat.com/errata/RHSA-2026:29182
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:29867 https://access.redhat.com/errata/RHSA-2026:29867
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:29941 https://access.redhat.com/errata/RHSA-2026:29941
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:30086 https://access.redhat.com/errata/RHSA-2026:30086
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:30115 https://access.redhat.com/errata/RHSA-2026:30115
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:30085 https://access.redhat.com/errata/RHSA-2026:30085
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:30843 https://access.redhat.com/errata/RHSA-2026:30843
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:30858 https://access.redhat.com/errata/RHSA-2026:30858
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:30851 https://access.redhat.com/errata/RHSA-2026:30851
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:30859 https://access.redhat.com/errata/RHSA-2026:30859
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:30860 https://access.redhat.com/errata/RHSA-2026:30860