Fedora has issued an advisory on April 6: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/ The issue is fixed upstream in 2.0. Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 2.0Whiteboard: (none) => MGA7TOO
Removing Mageia 7 from whiteboard due to EOL: https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Whiteboard: MGA7TOO => (none)
New version pushed in mga8 src: - perl-Net-Netmask-2.0.100-1.mga8
Status comment: Fixed upstream in 2.0 => (none)Assignee: thierry.vignaud => qa-bugsCC: (none) => mageia
Advisory: ======================== Updated perl-Net-Netmask package fixes a security vulnerability: The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses (CVE-2021-29424). References: - https://bugs.mageia.org/show_bug.cgi?id=29023 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29424 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CBJVLXJSWN6DKSF5ADUEERI6M23R3GGP/ ======================== Updated package in core/updates_testing: ======================== perl-Net-Netmask-2.0.100-1.mga8 from SRPM: perl-Net-Netmask-2.0.100-1.mga8.src.rpm
CC: (none) => ouaurelien
MGA8-64 Plasma on Lenovo B50 No installation issues. OK on clean install.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating.
Keywords: (none) => advisory, validated_updateCVE: (none) => CVE-2021-29424CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0375.html
Status: NEW => RESOLVEDResolution: (none) => FIXED