UbuntuUpdates.org

Package "libnet-cidr-lite-perl"

Name: libnet-cidr-lite-perl

Description:

module for merging IPv4 or IPv6 CIDR address ranges
Latest version: 0.22-2ubuntu0.24.04.2
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://metacpan.org/release/Net-CIDR-Lite

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libnet-cidr-lite-perl"

All arch deb package
APT INSTALL

Other versions of "libnet-cidr-lite-perl" in Noble

Repository Area Version
base main 0.22-2
updates main 0.22-2ubuntu0.24.04.2

Changelog

Version: 0.22-2ubuntu0.24.04.2 2026-06-18 18:07:34 UTC

  libnet-cidr-lite-perl (0.22-2ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: ACL bypass via find()
    - debian/patches/CVE-2026-45190.patch: Reject Unicode digits and trailing
      newlines in parsers in Lite.pm
    - debian/patches/CVE-2026-45191.patch: Reject zero-padded CIDR masks in
      Lite.pm
    - CVE-2026-45190
    - CVE-2026-45191

 -- Kyle Kernick <email address hidden> Wed, 17 Jun 2026 13:29:20 -0600
Source diff to previous version
CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs cont
CVE-2026-45191 Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypas

Version: 0.22-2ubuntu0.24.04.1 2026-06-08 19:07:35 UTC

  libnet-cidr-lite-perl (0.22-2ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: IP ACL Bypass via find()
    - debian/patches/CVE-2026-40198.patch: Reject uncompressed IPv6 addresses
      with fewer than 8 groups in Lite.pm
    - debian/patches/CVE-2026-40199.patch: Do not include sentinel byte when
      packing IPv4 mapped addresses in Lite.pm
    - CVE-2026-40198
    - CVE-2026-40199

 -- Kyle Kernick <email address hidden> Fri, 05 Jun 2026 10:03:43 -0600
CVE-2026-40198 Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that un
CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentin


About   -   Send Feedback to @ubuntu_updates