bug#47624: Various IP handling perl packages may be vulnerable

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47624: Various IP handling perl packages may be vulnerable

From:	Léo Le Bouter
Subject:	bug#47624: Various IP handling perl packages may be vulnerable
Date:	Tue, 06 Apr 2021 21:05:33 +0200
User-agent:	Evolution 3.34.2

Read: 
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/

I have not had time to investigate deeply, posting here so the info is
not lost. I have already fixed one issue related to perl-data-validate-
ip in 8ec03ed5475ca7919a7d11541ff8cbf33a9ffe67, but it seems there's
several others.

One as CVE recently:

CVE-2021-29424  18:15
The Net::Netmask module before 2.0000 for Perl does not properly
consider extraneous zero characters at the beginning of an IP address
string, which (in some situations) allows attackers to bypass access
control that is based on IP addresses.

Can't find a corresponding package in GNU Guix.

To be continued!
Léo

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47624: Various IP handling perl packages may be vulnerable, Léo Le Bouter <=

Prev by Date: bug#47486: runc: hash mismatch
Next by Date: bug#43388: sxiv gif support is not working
Previous by thread: bug#47486: runc: hash mismatch
Next by thread: bug#43388: sxiv gif support is not working
Index(es):
- Date
- Thread