=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN262
_____________________________________________________________________

DATE                : 06/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Compress::Raw::Zlib versions
                                  prior to 2.220.

=====================================================================
https://lists.security.metacpan.org/cve-announce/msg/37638919/
_____________________________________________________________________


========================================================================
CVE-2026-3381                                        CPAN Security Group
========================================================================

         CVE ID:  CVE-2026-3381
   Distribution:  Compress-Raw-Zlib
       Versions:  through 2.219

       MetaCPAN:  https://metacpan.org/dist/Compress-Raw-Zlib
       VCS Repo:  https://github.com/pmqs/Compress-Raw-Zlib


Compress::Raw::Zlib versions through 2.219 for Perl use potentially
insecure versions of zlib

Description
-----------
Compress::Raw::Zlib versions through 2.219 for Perl use potentially
insecure versions of zlib.

Compress::Raw::Zlib includes a copy of the zlib library.
Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses
findings from the 7ASecurity audit of zlib. This includes fixes for
CVE-2026-27171.

Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component

Solutions
---------
Upgrade to Compress::Raw::Zlib 2.220 or later.
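
To check a host before and after the upgrade, the following script (an added
example, not part of the advisory or of the Compress-Raw-Zlib distribution)
lists every copy of the module found in @INC, flags those older than 2.220,
and prints the zlib version reported at runtime. The module can also be built
against a system zlib instead of its bundled copy, so the runtime value is
worth checking as well as the module version.

```perl
#!/usr/bin/env perl
# Added example: audit installed Compress::Raw::Zlib copies against 2.220.
use strict;
use warnings;
use File::Spec;
use Module::Metadata;    # core module since Perl 5.14
use version;

my $FIXED = version->parse('2.220');    # first fixed release per the advisory

# Classify a module version string against the fixed release.
sub status_for {
    my ($v) = @_;
    return 'UNKNOWN' unless defined $v && length $v;
    return version->parse($v) < $FIXED ? 'VULNERABLE' : 'ok';
}

# Find every installed copy, not only the first one Perl would load.
sub installed_copies {
    my @found;
    for my $dir (grep { !ref } @INC) {
        my $pm = File::Spec->catfile($dir, 'Compress', 'Raw', 'Zlib.pm');
        next unless -f $pm;
        my $meta = Module::Metadata->new_from_file($pm) or next;
        my $v = $meta->version('Compress::Raw::Zlib');
        push @found, [ $pm, defined $v ? "$v" : undef ];
    }
    return @found;
}

for my $copy (installed_copies()) {
    my ($pm, $v) = @$copy;
    printf "%-10s %-8s %s\n", status_for($v), $v // '?', $pm;
}

# Report the zlib actually linked into the copy this interpreter loads
# (bundled copy or system library, depending on how the module was built).
if (eval { require Compress::Raw::Zlib; 1 }) {
    printf "loaded %s, zlib at runtime: %s\n",
        Compress::Raw::Zlib->VERSION, Compress::Raw::Zlib::zlib_version();
}
else {
    print "Compress::Raw::Zlib is not loadable by this perl\n";
}
```

Run it with each perl interpreter present on the host (system perl, perlbrew
or plenv builds, application-bundled perls), since each has its own @INC.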


References
----------
https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
https://www.zlib.net/
https://github.com/madler/zlib
https://github.com/madler/zlib/releases/tag/v1.3.2
https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/
https://www.cve.org/CVERecord?id=CVE-2026-27171

Timeline
--------
- 2026-02-17: zlib 1.3.2 released.
- 2026-02-27: Compress::Raw::Zlib 2.220 released.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




