Red Hat Product Errata RHSA-2025:17162 - Security Advisory
Issued:
2025-10-01
Updated:
2025-10-01

RHSA-2025:17162 - Security Advisory

Synopsis

Moderate: perl-JSON-XS security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for perl-JSON-XS is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C.

Security Fix(es):

  • JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON (CVE-2025-40928)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64

Fixes

  • BZ - 2393878 - CVE-2025-40928 JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
x86_64
perl-JSON-XS-4.04-1.el9_6.x86_64.rpm SHA-256: ae02e7bdeb33ff514fa49040e5de3358ad1108b89ddff307c9c0b9a9d91166aa
perl-JSON-XS-debuginfo-4.04-1.el9_6.x86_64.rpm SHA-256: 49de25230cccbe69c8e3f66195da627ea2b002abefca81d7c99c57792108515e
perl-JSON-XS-debugsource-4.04-1.el9_6.x86_64.rpm SHA-256: f99985e5ffb58f13393ec48fd859d2907aaf3400a81bc866962d12d544d7a016

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
ppc64le
perl-JSON-XS-4.04-1.el9_6.ppc64le.rpm SHA-256: 3174b6fe25d837999b4cd018c9f047394778720b00bdfa3f14b29ac5ccd07e0f
perl-JSON-XS-debuginfo-4.04-1.el9_6.ppc64le.rpm SHA-256: 2b97bd7b7e64ad466516d98564a8ef65aa369284a10fa2c49e11c88651965136
perl-JSON-XS-debugsource-4.04-1.el9_6.ppc64le.rpm SHA-256: 7256fb91e36e58fb15601599b8fd497388eed04171247fc65d68145521e161e7

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
aarch64
perl-JSON-XS-4.04-1.el9_6.aarch64.rpm SHA-256: 4cc4247c2c502dfe3b6858247ba8bd2954de679b91e67366d6f18a12aad0fa72
perl-JSON-XS-debuginfo-4.04-1.el9_6.aarch64.rpm SHA-256: 1f1b1f0bafb08b9ac3647f8b3c35690c0686703603d11fa81acbec251eb460b2
perl-JSON-XS-debugsource-4.04-1.el9_6.aarch64.rpm SHA-256: d1efc131bd87f6c3fa40cef40f70e30bd0345283fe154656443a65ece3b6ec38

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
s390x
perl-JSON-XS-4.04-1.el9_6.s390x.rpm SHA-256: 86b591c94b790111b4421ac35002f1b440bdc93e85df068f245bcf453c95ff9d
perl-JSON-XS-debuginfo-4.04-1.el9_6.s390x.rpm SHA-256: cb98324dcaf776d37b9c731663e199dd33c13e57ef4615244579b7f932ffc26f
perl-JSON-XS-debugsource-4.04-1.el9_6.s390x.rpm SHA-256: 5386dadf6e2b949f4c32acbddeae897c951102e50ed704c9d2136598c3cc82ec

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
x86_64
perl-JSON-XS-4.04-1.el9_6.x86_64.rpm SHA-256: ae02e7bdeb33ff514fa49040e5de3358ad1108b89ddff307c9c0b9a9d91166aa
perl-JSON-XS-debuginfo-4.04-1.el9_6.x86_64.rpm SHA-256: 49de25230cccbe69c8e3f66195da627ea2b002abefca81d7c99c57792108515e
perl-JSON-XS-debugsource-4.04-1.el9_6.x86_64.rpm SHA-256: f99985e5ffb58f13393ec48fd859d2907aaf3400a81bc866962d12d544d7a016

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
x86_64
perl-JSON-XS-4.04-1.el9_6.x86_64.rpm SHA-256: ae02e7bdeb33ff514fa49040e5de3358ad1108b89ddff307c9c0b9a9d91166aa
perl-JSON-XS-debuginfo-4.04-1.el9_6.x86_64.rpm SHA-256: 49de25230cccbe69c8e3f66195da627ea2b002abefca81d7c99c57792108515e
perl-JSON-XS-debugsource-4.04-1.el9_6.x86_64.rpm SHA-256: f99985e5ffb58f13393ec48fd859d2907aaf3400a81bc866962d12d544d7a016

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
ppc64le
perl-JSON-XS-4.04-1.el9_6.ppc64le.rpm SHA-256: 3174b6fe25d837999b4cd018c9f047394778720b00bdfa3f14b29ac5ccd07e0f
perl-JSON-XS-debuginfo-4.04-1.el9_6.ppc64le.rpm SHA-256: 2b97bd7b7e64ad466516d98564a8ef65aa369284a10fa2c49e11c88651965136
perl-JSON-XS-debugsource-4.04-1.el9_6.ppc64le.rpm SHA-256: 7256fb91e36e58fb15601599b8fd497388eed04171247fc65d68145521e161e7

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
ppc64le
perl-JSON-XS-4.04-1.el9_6.ppc64le.rpm SHA-256: 3174b6fe25d837999b4cd018c9f047394778720b00bdfa3f14b29ac5ccd07e0f
perl-JSON-XS-debuginfo-4.04-1.el9_6.ppc64le.rpm SHA-256: 2b97bd7b7e64ad466516d98564a8ef65aa369284a10fa2c49e11c88651965136
perl-JSON-XS-debugsource-4.04-1.el9_6.ppc64le.rpm SHA-256: 7256fb91e36e58fb15601599b8fd497388eed04171247fc65d68145521e161e7

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
s390x
perl-JSON-XS-4.04-1.el9_6.s390x.rpm SHA-256: 86b591c94b790111b4421ac35002f1b440bdc93e85df068f245bcf453c95ff9d
perl-JSON-XS-debuginfo-4.04-1.el9_6.s390x.rpm SHA-256: cb98324dcaf776d37b9c731663e199dd33c13e57ef4615244579b7f932ffc26f
perl-JSON-XS-debugsource-4.04-1.el9_6.s390x.rpm SHA-256: 5386dadf6e2b949f4c32acbddeae897c951102e50ed704c9d2136598c3cc82ec

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
s390x
perl-JSON-XS-4.04-1.el9_6.s390x.rpm SHA-256: 86b591c94b790111b4421ac35002f1b440bdc93e85df068f245bcf453c95ff9d
perl-JSON-XS-debuginfo-4.04-1.el9_6.s390x.rpm SHA-256: cb98324dcaf776d37b9c731663e199dd33c13e57ef4615244579b7f932ffc26f
perl-JSON-XS-debugsource-4.04-1.el9_6.s390x.rpm SHA-256: 5386dadf6e2b949f4c32acbddeae897c951102e50ed704c9d2136598c3cc82ec

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
aarch64
perl-JSON-XS-4.04-1.el9_6.aarch64.rpm SHA-256: 4cc4247c2c502dfe3b6858247ba8bd2954de679b91e67366d6f18a12aad0fa72
perl-JSON-XS-debuginfo-4.04-1.el9_6.aarch64.rpm SHA-256: 1f1b1f0bafb08b9ac3647f8b3c35690c0686703603d11fa81acbec251eb460b2
perl-JSON-XS-debugsource-4.04-1.el9_6.aarch64.rpm SHA-256: d1efc131bd87f6c3fa40cef40f70e30bd0345283fe154656443a65ece3b6ec38

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6

SRPM
perl-JSON-XS-4.04-1.el9_6.src.rpm SHA-256: 1ce08d3f0b2b3fc305b4e7248e12beb6c624073b0a1545965424ce00454fd3e7
aarch64
perl-JSON-XS-4.04-1.el9_6.aarch64.rpm SHA-256: 4cc4247c2c502dfe3b6858247ba8bd2954de679b91e67366d6f18a12aad0fa72
perl-JSON-XS-debuginfo-4.04-1.el9_6.aarch64.rpm SHA-256: 1f1b1f0bafb08b9ac3647f8b3c35690c0686703603d11fa81acbec251eb460b2
perl-JSON-XS-debugsource-4.04-1.el9_6.aarch64.rpm SHA-256: d1efc131bd87f6c3fa40cef40f70e30bd0345283fe154656443a65ece3b6ec38

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.