Issued:: 2026-04-21
Updated:: 2026-04-21

RHSA-2026:9246 - Security Advisory

Overview
Updated Packages

Synopsis

Important: perl-XML-Parser security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.

Security Fix(es):

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

BZ - 2448999 - CVE-2006-10003 perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
BZ - 2449001 - CVE-2006-10002 perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
perl-XML-Parser-2.46-9.el9_0.1.src.rpm	SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58
ppc64le
perl-XML-Parser-2.46-9.el9_0.1.ppc64le.rpm	SHA-256: 7a7cbc4b1533a6e5816508f2570a8ca852a6572e31943a8b4ca9ec6d69d988e8
perl-XML-Parser-debuginfo-2.46-9.el9_0.1.ppc64le.rpm	SHA-256: e379d07020025bfeab413799aac5f8ac24e9d262a8d6979f3b6b7226f9fe98c5
perl-XML-Parser-debugsource-2.46-9.el9_0.1.ppc64le.rpm	SHA-256: 22fd00ebec6905c8b100e1352a60b8ab7e171ce24870c5e3d9e088d0f4197e23

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
perl-XML-Parser-2.46-9.el9_0.1.src.rpm	SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58
x86_64
perl-XML-Parser-2.46-9.el9_0.1.x86_64.rpm	SHA-256: aa05f3a64ed0610d2e5bd05b58d9207c64cdf29652e141888278e8ade29c3c59
perl-XML-Parser-debuginfo-2.46-9.el9_0.1.x86_64.rpm	SHA-256: ecffe2ef59aa687f4aa8f4aff523b8fb39f0e5e100c48c9bd669b349b7e5b88b
perl-XML-Parser-debugsource-2.46-9.el9_0.1.x86_64.rpm	SHA-256: 8902f124c11771d0560878fb30c33b26c1b66a18b3a945acf72fafdb3365346b

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
perl-XML-Parser-2.46-9.el9_0.1.src.rpm	SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58
aarch64
perl-XML-Parser-2.46-9.el9_0.1.aarch64.rpm	SHA-256: 1d108379f009304bde4e40d83772add66b829e751985fe58a9f0d6ee72ad61f7
perl-XML-Parser-debuginfo-2.46-9.el9_0.1.aarch64.rpm	SHA-256: ff125b982c42ff8f98ff0c5736e4981e07bf84b601ac0e9d60cbdfbfd4c3e399
perl-XML-Parser-debugsource-2.46-9.el9_0.1.aarch64.rpm	SHA-256: 0a423a6981515f8e27849e474ee5b21efa5989cb34c5b73ecad00b66bb6c39b0

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
perl-XML-Parser-2.46-9.el9_0.1.src.rpm	SHA-256: 4b5334bd6de1c6a4ac8c672c6305b3f6df41a644d219d611edaf1ee984975e58
s390x
perl-XML-Parser-2.46-9.el9_0.1.s390x.rpm	SHA-256: bdbd2f686bc35c5dfe8f3824fcaf437a390e9d9f1671ffa5e213fa02364c0980
perl-XML-Parser-debuginfo-2.46-9.el9_0.1.s390x.rpm	SHA-256: 433a7e0169de01c6a7c34bfd3cf85ab55bbec2020edf6c329bfd44a48ccc22ca
perl-XML-Parser-debugsource-2.46-9.el9_0.1.s390x.rpm	SHA-256: ae43143fde5234c77fb72fd096349a337152456da8ee23ad027ac550d319261d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation