Advisories » MGASA-2021-0376

Updated perl-Net-CIDR-Lite package fixes a security vulnerability

Publication date: 27 Jul 2021
Modification date: 27 Jul 2021
Type: security
Affected Mageia releases : 8

Description

It was discovered that the perl Net-CIDR-Lite module did not correctly handle
IP addresses with IP octets containing leading zeros. Leading zeros were ignored,
while the underlying system can treat such octets as octal numbers and interpret
them differently.  For example, IP address of 010.0.0.1 was considered by Net
CIDR-Lite to be the same address as 10.0.0.1, while system may consider it to be
IP address 8.0.0.1 (rhbz# 1961865).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29025
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LDO7X4TBRIVL4G3GLZBEHFXC7IXMBAMW/
• https://bugzilla.redhat.com/show_bug.cgi?id=1961865

SRPMS

8/core

• perl-Net-CIDR-Lite-0.220.0-1.mga8