openSUSE-SU-2023:0215-1

Опубликовано: 07 авг. 2023

Источник: suse-cvrf

Описание

Security update for perl-Net-Netmask

This update for perl-Net-Netmask fixes the following issues:

CVE-2021-29424: Leading zeros are no longer allowed for IPv4 octets. This (in some situations) allows attackers to bypass access control that is based on IP addresses.(boo#1184425)

Список пакетов

SUSE Package Hub 15 SP4

perl-Net-Netmask-1.9022-bp154.2.3.1

openSUSE Leap 15.4

perl-Net-Netmask-1.9022-bp154.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7UYESPZ25JO4DP7GV5KTIH3W7NKCQ62I/
E-Mail link for openSUSE-SU-2023:0215-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1184425
SUSE Bug 1184425
https://www.suse.com/security/cve/CVE-2021-29424/
SUSE CVE CVE-2021-29424 page

Описание

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Затронутые продукты

SUSE Package Hub 15 SP4:perl-Net-Netmask-1.9022-bp154.2.3.1

openSUSE Leap 15.4:perl-Net-Netmask-1.9022-bp154.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-29424.html
CVE-2021-29424
https://bugzilla.suse.com/1184425
SUSE Bug 1184425

openSUSE-SU-2023:0215-1

Описание

Список пакетов

SUSE Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2021-29424

Описание

Затронутые продукты

Ссылки