Mailinglist Archive: opensuse-updates (96 mails)

< Previous Next >
openSUSE-SU-2013:1178-1: moderate: perl-Module-Signature
openSUSE Security Update: perl-Module-Signature

Announcement ID: openSUSE-SU-2013:1178-1
Rating: moderate
References: #828010
Cross-References: CVE-2013-2145
Affected Products:
openSUSE 12.3
openSUSE 12.2

An update that fixes one vulnerability is now available.


perl-Module-Signature was updated to 0.73, fixing bugs and
security issues:

Security fix for code execution in signature checking:
* fix for bnc#828010 (CVE-2013-2145)
* Properly redo the previous fix using

- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
* Only allow loading Digest::* from absolute paths in
@INC, by ensuring they begin with \ or / characters.
Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
* Constrain the user-specified digest name to /^\w+\d+$/.
* Avoid loading Digest::* from relative paths in @INC.
Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
* Don't check gpg version if gpg does not exist. This
avoids unnecessary warnings during installation when
gpg executable is not installed. Contributed by:
Kenichi Ishigaki
- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
* Support for gpg under these alternate names: gpg gpg2
gnupg gnupg2 Contributed by: Michael Schwern

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-573

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-573

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.3 (noarch):


- openSUSE 12.2 (noarch):



< Previous Next >
This Thread
  • No further messages