Mandrake Linux Security Advisory : perl-Net_SSLeay (MDKSA-2006:023)
Medium Nessus Plugin ID 20817
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionJavier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected perl-Net_SSLeay package.