Possible security problem in CPAN modules / Zlib CVE-2018-25032

Just in case the problem passed you by, Rene "cavac" Schickbauer has a post discussing a Zlib CVE, and the implications for CPAN modules:

I have done a casual grep through my local CPAN mirror (yay for local mirrors!), which has given me a list of potentially vulnerable modules. There are over 90 of them. Yes, there are probably a few false negatives and a few false positives, as I didn't have time to go over each distribution in detail.

Please check your CPAN distributions for any use of zlib.c, libz.c, deflate.c, compress.c and similar variants and update as necessary. If at all possible, I would also recommend switching to either the zlib provided by the operating system or at least coordinate with other CPAN authors to reduce the number of static copies of the zlib libraries spread all over CPAN modules.
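One way to run the check the quoted post asks for over distribution tarballs, as an added example (not code from the original post or from its author's own grep). It goes a step beyond file names by reading `ZLIB_VERSION` from any bundled `zlib.h` and comparing it with 1.2.12, the upstream zlib release that fixed CVE-2018-25032; the function names and the `Example-Dist` sample are constructed for illustration.

```python
import io
import re
import tarfile

# File names the post says to look for; zlib.h is read because it carries the version.
SUSPECT = re.compile(r"(?:^|/)(?:zlib|libz|deflate|compress)\.c$", re.I)
VERSION = re.compile(rb'#\s*define\s+ZLIB_VERSION\s+"([^"]+)"')
FIXED = (1, 2, 12)  # upstream zlib release containing the CVE-2018-25032 fix

def parse_version(text):
    """'1.2.11' -> (1, 2, 11); any '-suffix' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def scan_dist(fileobj):
    """Return findings for one distribution tarball, or None if nothing matched."""
    sources, versions = [], []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.isfile() and SUSPECT.search(member.name):
                sources.append(member.name)
            elif member.isfile() and member.name.lower().endswith("zlib.h"):
                found = VERSION.search(tar.extractfile(member).read(65536))
                if found:
                    versions.append(found.group(1).decode("ascii", "replace"))
    if not sources and not versions:
        return None
    if not versions:
        status = "review"  # zlib-like file names, but no version string to judge by
    else:
        outdated = any(parse_version(v) < FIXED for v in versions)
        status = "outdated" if outdated else "current"
    return {"sources": sources, "versions": versions, "status": status}

def make_tarball(files):
    """Build a constructed in-memory .tar.gz from {path: bytes} for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    demo = make_tarball({  # constructed distribution name and contents
        "Example-Dist-0.01/zlib-src/deflate.c": b"/* bundled copy */\n",
        "Example-Dist-0.01/zlib-src/zlib.h": b'#define ZLIB_VERSION "1.2.11"\n',
    })
    print(scan_dist(demo))
```

The version string is only a heuristic: a bundled copy may have been patched without its `ZLIB_VERSION` changing, so an "outdated" or "review" result still needs a look at the source.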

About Martin McGrath

Likes to use perl to solve problems