Mandriva Linux Security Advisory : perl-Crypt-DSA (MDVSA-2013:241)
Medium Nessus Plugin ID 70133
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability has been discovered and corrected in perl-Crypt-DSA :
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack (CVE-2011-3599).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected perl-Crypt-DSA package.