SUSE Package Hub - openSUSE-2023-217

Update Info

openSUSE-2023-217

Security update for perl-Net-Netmask

Type: security

Severity: moderate

Issued: 2023-08-07

Description:

This update for perl-Net-Netmask fixes the following issues:

* CVE-2021-29424: Leading zeros are no longer allowed for IPv4 octets. This
  (in some situations) allows attackers to bypass access control
  that is based on IP addresses.  (boo#1184425)

References

CVE: CVE-2021-29424
Bugzilla: 1184425 VUL-0: CVE-2021-29424: perl-Net-Netmask: Net::Netmask module does not properly consider extraneous zero characters at the beginning of an IP address string

Packages

perl-Net-Netmask-1.9022-bp155.3.3.1