Mailinglist Archive: opensuse-updates (96 mails)

openSUSE-SU-2013:1185-1: moderate: perl-Module-Signature
openSUSE Security Update: perl-Module-Signature
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1185-1
Rating: moderate
References: #828010
Cross-References: CVE-2013-2145
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


perl-Module-Signature was updated to 0.73, fixing bugs and
security issues:

Security fix for code execution in signature checking:
* fix for bnc#828010 (CVE-2013-2145)
* Properly redo the previous fix using
  File::Spec->file_name_is_absolute.

- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]
  * Only allow loading Digest::* from absolute paths in
    @INC, by ensuring they begin with \ or / characters.
    Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]
  * Constrain the user-specified digest name to /^\w+\d+$/.
  * Avoid loading Digest::* from relative paths in @INC.
    Contributed by: Florian Weimer (CVE-2013-2145)
- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
  * Don't check gpg version if gpg does not exist. This
    avoids unnecessary warnings during installation when
    gpg executable is not installed.
    Contributed by: Kenichi Ishigaki
- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]
  * Support for gpg under these alternate names: gpg gpg2
    gnupg gnupg2
    Contributed by: Michael Schwern
- [Changes for 0.68 - Wed Dec 14 12:14:47 UTC 2011]
  * Fix breakage introduced by 0.67 (Andreas König).
  * Better handling of \r (Andreas König, Zefram)
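
The two constraints named in the 0.71 to 0.73 entries above, sketched in Perl as an added example (this is not Module::Signature's own code). `load_digest_class` is a hypothetical helper, and the digest names fed to it are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical helper (not Module::Signature's code): load Digest::<name>
# for a digest name read from an untrusted signature file.
sub load_digest_class {
    my ($name) = @_;

    # 0.71 rule: the name must match /^\w+\d+$/. That rejects "::", "/",
    # "." and anything else that could steer the module lookup.
    die "refusing digest name\n"
        unless defined $name && $name =~ /^\w+\d+$/;

    # 0.73 rule: search only absolute @INC entries, so a relative entry
    # such as "." cannot resolve against the current directory.
    # Dropping non-string entries (@INC hooks) is a choice of this example.
    local @INC = grep { !ref($_) && File::Spec->file_name_is_absolute($_) } @INC;

    my $class = "Digest::$name";
    (my $file = "$class.pm") =~ s{::}{/}g;
    require $file;    # dies if the module is not under an absolute path
    return $class;
}

# Constructed inputs: one name that should load (Digest::MD5 is a core
# module) and three that the pattern must refuse.
for my $name ('MD5', 'MD5::Evil', '../MD5', 'SHA') {
    my $class = eval { load_digest_class($name) };
    my $err   = $@;
    chomp $err;
    printf "%-10s => %s\n", $name,
        defined $class ? "loaded $class" : "not loaded ($err)";
}
```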


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-108

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (noarch):

perl-Module-Signature-0.73-9.1


References:

http://support.novell.com/security/cve/CVE-2013-2145.html
https://bugzilla.novell.com/828010

