MGASA-2021-0376 - Updated perl-Net-CIDR-Lite package fixes a security vulnerability

Publication date: 27 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0376.html
Type: security
Affected Mageia releases: 8

It was discovered that the perl Net-CIDR-Lite module did not correctly handle
IP addresses with IP octets containing leading zeros. Leading zeros were ignored,
while the underlying system can treat such octets as octal numbers and interpret
them differently.  For example, IP address of 010.0.0.1 was considered by Net
CIDR-Lite to be the same address as 10.0.0.1, while system may consider it to be
IP address 8.0.0.1 (rhbz# 1961865).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29025
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/LDO7X4TBRIVL4G3GLZBEHFXC7IXMBAMW/
- https://bugzilla.redhat.com/show_bug.cgi?id=1961865

SRPMS:
- 8/core/perl-Net-CIDR-Lite-0.220.0-1.mga8