openSUSE 16 Security Update : perl-IO-Compress (openSUSE-SU-2026:21177-1)

high Nessus Plugin ID 324886

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21177-1 advisory.

Changes in perl-IO-Compress:

- updated to 2.220.0 (2.220) see /usr/share/doc/packages/perl-IO-Compress/Changes

2.220 16 May 2026
* remove use of eval in globmapper. #73 CVE-2026-48962 bsc#1266382
* Update zipdetails to version 4.006.
CVE-2026-48961 bsc#1266381
* Fix typo in fastForward #72
* Fix issue with rawdeflate` option in AnyInflate. #71

- updated to 2.219.0 (2.219) see /usr/share/doc/packages/perl-IO-Compress/Changes

2.219 9 March 2026
* Fix a few typos
* Squash repeated semicolons
* Make dependent version checking consistent amd update module to version 2.219. Fixes #70 2.218 8 March 2026
* Refresh zipdetails to version 4.005 Sourced from https://github.com/pmqs/zipdetails
* version 2.218
* Add SECURITY.md, Fixes #69
* fix spelling typo
* Refresh Changes file
* Update release date in README
* Refresh zipdetails from https://github.com/pmqs/zipdetails 2.217 1 February 2026
* Update release date in README
* Refresh zipdetails from https://github.com/pmqs/zipdetails
* Delete GZIP environment variable before running interop tests Fixes #24
* Update version to 2.217 2.216 31 January 2026
* Update version to 2.216
* IO::Compress @2.215: t/006zip.t fails due to missing test files #67 2.215 31 January 2026
* Fix version check in 000prereq.t
* Update Changes for 2.215
* Update version to 2.215 & change copyright year to 2026
* Add tests for handling zero and invalid datetime values in unzip functionality. Fix for #65
* Enhance _dosToUnixTime to handle zero and invalid datetime values; add tests for edge cases.
Fixes #65

- updated to 2.214.0 (2.214) see /usr/share/doc/packages/perl-IO-Compress/Changes

2.214 24 October 2025
* version 2.214
* IO::Compress::Gzip accidentally modifies the `$EXPORT_TAGS{all}->@*` of other modules Fixes #64
* Fix indentation in Windows workflow YAML
* Fix indentation in windows.yml exclude section
* Merge pull request #63 from masiuchi/fix/ci-errors
* Exclude Perl 5.42 with strawberry distribution from GitHub Actions
* Update FreeBSD image to 14.3 in Cirrus CI
* Add dependabot.yml file to police workflow files
* Add perl 5.42 to workflow files
* Fix for https://github.com/pmqs/Compress-Raw-Zlib/issues/34
* #59 fix typos in streamzip

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected perl-IO-Compress package.

See Also

https://bugzilla.suse.com/1266381

https://bugzilla.suse.com/1266382

https://www.suse.com/security/cve/CVE-2026-48961

https://www.suse.com/security/cve/CVE-2026-48962

Plugin Details

Severity: High

ID: 324886

File Name: openSUSE-2026-21177-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/2/2026

Updated: 7/2/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 96.92

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2026-48962

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:perl-io-compress

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/30/2026

Vulnerability Publication Date: 5/27/2026

Reference Information

CVE: CVE-2026-48961, CVE-2026-48962