An update for perl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1631 Final 1.0 1.0 2025-06-13 Initial 2025-06-13 2025-06-13 openEuler SA Tool V1.0 2025-06-13 perl security update An update for perl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fix(es): Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6(CVE-2025-40909) An update for perl is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium perl https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1631 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 perl-5.28.3-11.oe2003sp4.aarch64.rpm perl-debuginfo-5.28.3-11.oe2003sp4.aarch64.rpm perl-debugsource-5.28.3-11.oe2003sp4.aarch64.rpm perl-devel-5.28.3-11.oe2003sp4.aarch64.rpm perl-libs-5.28.3-11.oe2003sp4.aarch64.rpm perl-5.34.0-16.oe2203sp3.aarch64.rpm perl-debuginfo-5.34.0-16.oe2203sp3.aarch64.rpm perl-debugsource-5.34.0-16.oe2203sp3.aarch64.rpm perl-devel-5.34.0-16.oe2203sp3.aarch64.rpm perl-libs-5.34.0-16.oe2203sp3.aarch64.rpm perl-5.34.0-14.oe2203sp4.aarch64.rpm perl-debuginfo-5.34.0-14.oe2203sp4.aarch64.rpm perl-debugsource-5.34.0-14.oe2203sp4.aarch64.rpm perl-devel-5.34.0-14.oe2203sp4.aarch64.rpm perl-libs-5.34.0-14.oe2203sp4.aarch64.rpm perl-5.38.0-10.oe2403.aarch64.rpm perl-debuginfo-5.38.0-10.oe2403.aarch64.rpm perl-debugsource-5.38.0-10.oe2403.aarch64.rpm perl-devel-5.38.0-10.oe2403.aarch64.rpm perl-libs-5.38.0-10.oe2403.aarch64.rpm perl-5.38.0-10.oe2403sp1.aarch64.rpm perl-debuginfo-5.38.0-10.oe2403sp1.aarch64.rpm perl-debugsource-5.38.0-10.oe2403sp1.aarch64.rpm perl-devel-5.38.0-10.oe2403sp1.aarch64.rpm perl-libs-5.38.0-10.oe2403sp1.aarch64.rpm perl-5.28.3-11.oe2003sp4.src.rpm perl-5.34.0-16.oe2203sp3.src.rpm perl-5.34.0-14.oe2203sp4.src.rpm perl-5.38.0-10.oe2403.src.rpm perl-5.38.0-10.oe2403sp1.src.rpm perl-5.28.3-11.oe2003sp4.x86_64.rpm perl-debuginfo-5.28.3-11.oe2003sp4.x86_64.rpm perl-debugsource-5.28.3-11.oe2003sp4.x86_64.rpm perl-devel-5.28.3-11.oe2003sp4.x86_64.rpm perl-libs-5.28.3-11.oe2003sp4.x86_64.rpm perl-5.34.0-16.oe2203sp3.x86_64.rpm perl-debuginfo-5.34.0-16.oe2203sp3.x86_64.rpm perl-debugsource-5.34.0-16.oe2203sp3.x86_64.rpm perl-devel-5.34.0-16.oe2203sp3.x86_64.rpm perl-libs-5.34.0-16.oe2203sp3.x86_64.rpm perl-5.34.0-14.oe2203sp4.x86_64.rpm perl-debuginfo-5.34.0-14.oe2203sp4.x86_64.rpm perl-debugsource-5.34.0-14.oe2203sp4.x86_64.rpm perl-devel-5.34.0-14.oe2203sp4.x86_64.rpm perl-libs-5.34.0-14.oe2203sp4.x86_64.rpm perl-5.38.0-10.oe2403.x86_64.rpm perl-debuginfo-5.38.0-10.oe2403.x86_64.rpm perl-debugsource-5.38.0-10.oe2403.x86_64.rpm perl-devel-5.38.0-10.oe2403.x86_64.rpm perl-libs-5.38.0-10.oe2403.x86_64.rpm perl-5.38.0-10.oe2403sp1.x86_64.rpm perl-debuginfo-5.38.0-10.oe2403sp1.x86_64.rpm perl-debugsource-5.38.0-10.oe2403sp1.x86_64.rpm perl-devel-5.38.0-10.oe2403sp1.x86_64.rpm perl-libs-5.38.0-10.oe2403sp1.x86_64.rpm perl-help-5.28.3-11.oe2003sp4.noarch.rpm perl-help-5.34.0-16.oe2203sp3.noarch.rpm perl-help-5.34.0-14.oe2203sp4.noarch.rpm perl-help-5.38.0-10.oe2403.noarch.rpm perl-help-5.38.0-10.oe2403sp1.noarch.rpm Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 2025-06-13 CVE-2025-40909 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 Medium 5.9 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L perl security update 2025-06-13 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1631