openSUSE Security Update : perl-Module-Signature (openSUSE-SU-2013:1178-1)

medium Nessus Plugin ID 75080

Synopsis

The remote openSUSE host is missing a security update.

Description

perl-Module-Signature was updated to 0.73, fixing bugs and security issues :

Security fix for code execution in signature checking :

- fix for bnc#828010 (CVE-2013-2145)

- Properly redo the previous fix using File::Spec->file_name_is_absolute.

- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]

- Only allow loading Digest::* from absolute paths in @INC, by ensuring they begin with \ or / characters.
Contributed by: Florian Weimer (CVE-2013-2145)

- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]

- Constrain the user-specified digest name to /^\w+\d+$/.

- Avoid loading Digest::* from relative paths in @INC.
Contributed by: Florian Weimer (CVE-2013-2145)

- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]

- Don't check gpg version if gpg does not exist. This avoids unnecessary warnings during installation when gpg executable is not installed. Contributed by: Kenichi Ishigaki

- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]

- Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2 Contributed by: Michael Schwern

Solution

Update the affected perl-Module-Signature package.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=828010

https://lists.opensuse.org/opensuse-updates/2013-07/msg00039.html

Plugin Details

Severity: Medium

ID: 75080

File Name: openSUSE-2013-573.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:perl-module-signature, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 7/3/2013

Reference Information

CVE: CVE-2013-2145