openSUSE Security Update: Security update for perl-Module-Signature ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:0163-1 Rating: moderate References: #928382 Cross-References: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update to perl-Module-Signature 0.79 fixes the following security issues: * More protection of @INC from relative paths. (CVE-2015-3409) * Fix GPG signature parsing logic. (CVE-2015-3406) * MANIFEST.SKIP is no longer consulted unless --skip is given. (CVE-2015-3407) * Properly use open() modes to avoid injection attacks. (CVE-2015-3408) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-61=1 - openSUSE 13.1: zypper in -t patch openSUSE-2016-61=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (noarch): perl-Module-Signature-0.79-4.4.1 - openSUSE 13.1 (noarch): perl-Module-Signature-0.79-2.4.1 References: https://www.suse.com/security/cve/CVE-2015-3406.html https://www.suse.com/security/cve/CVE-2015-3407.html https://www.suse.com/security/cve/CVE-2015-3408.html https://www.suse.com/security/cve/CVE-2015-3409.html https://bugzilla.suse.com/928382