Net::CIDR::Lite vulnerabilities
Published: Mon, 08 Jun 2026 16:06
Summary
Several security issues were fixed in Net::CIDR::Lite.
Details
Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-47154) It was discovered that Net::CIDR::Lite did not properly validate the IPv6 group count when handling uncompressed IPv6 addresses. A remote attacker could possibly use this issue to bypass access controls. (CVE-2026-40198) It was discovered that Net::CIDR::Lite mishandled IPv4 mapped IPv6 addresses. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. (CVE-2026-40199)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu bionic
libnet-cidr-lite-perl→0.21-1ubuntu0.18.04.1~esm1apt_upgrade_esmFixed at 0.21-1ubuntu0.18.04.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl=0.21-1ubuntu0.18.04.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libnet-cidr-lite-perl→0.21-1ubuntu0.18.04.1~esm1apt_upgrade_esmFixed at 0.21-1ubuntu0.18.04.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl=0.21-1ubuntu0.18.04.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu focal
libnet-cidr-lite-perl→0.21-2ubuntu0.1+esm1apt_upgradeStandard apt upgrade. Install 0.21-2ubuntu0.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libnet-cidr-lite-perl→0.21-2ubuntu0.1+esm1apt_upgradeStandard apt upgrade. Install 0.21-2ubuntu0.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu jammy
libnet-cidr-lite-perl→0.22-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 0.22-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libnet-cidr-lite-perl→0.22-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 0.22-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
libnet-cidr-lite-perl→0.22-2ubuntu0.24.04.1apt_upgradeStandard apt upgrade. Install 0.22-2ubuntu0.24.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libnet-cidr-lite-perl→0.22-2ubuntu0.24.04.1apt_upgradeStandard apt upgrade. Install 0.22-2ubuntu0.24.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
libnet-cidr-lite-perl→0.22-2ubuntu0.25.10.1apt_upgradeStandard apt upgrade. Install 0.22-2ubuntu0.25.10.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libnet-cidr-lite-perl→0.22-2ubuntu0.25.10.1apt_upgradeStandard apt upgrade. Install 0.22-2ubuntu0.25.10.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
libnet-cidr-lite-perl→0.22-2ubuntu0.26.04.1apt_upgradeStandard apt upgrade. Install 0.22-2ubuntu0.26.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libnet-cidr-lite-perl→0.22-2ubuntu0.26.04.1apt_upgradeStandard apt upgrade. Install 0.22-2ubuntu0.26.04.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu xenial
libnet-cidr-lite-perl→0.21-1ubuntu0.16.04.1~esm1apt_upgrade_esmFixed at 0.21-1ubuntu0.16.04.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl=0.21-1ubuntu0.16.04.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
libnet-cidr-lite-perl→0.21-1ubuntu0.16.04.1~esm1apt_upgrade_esmFixed at 0.21-1ubuntu0.16.04.1~esm1 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y libnet-cidr-lite-perl=0.21-1ubuntu0.16.04.1~esm1
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Are YOU affected by USN-8406-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8406-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.