Bug 31678 - perl-Net-Server new security issue CVE-2013-1841
Summary: perl-Net-Server new security issue CVE-2013-1841
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-15 15:51 CET by David Walser
Modified: 2023-03-16 13:26 CET (History)
1 user (show)

See Also:
Source RPM: perl-Net-Server-2.9.0-5.mga8.src.rpm
CVE: CVE-2013-1841
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-03-15 15:51:17 CET 
SUSE has issued an advisory today (March 15):
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014043.html

The issue is fixed upstream in 2.011.
Comment 1 Nicolas Salguero 2023-03-16 13:26:21 CET 
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter. (CVE-2013-1841)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1841
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014043.html
========================

Updated package in core/updates_testing:
========================
perl-Net-Server-2.9.0-5.1.mga8

from SRPM:
perl-Net-Server-2.9.0-5.1.mga8.src.rpm

CC: (none) => nicolas.salguero
CVE: (none) => CVE-2013-1841
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Note You need to log in before you can comment on or make changes to this bug.