openSUSE Security Update : perl-Module-Signature (openSUSE-SU-2013:1178-1)

Medium Nessus Plugin ID 75080


The remote openSUSE host is missing a security update.


perl-Module-Signature was updated to 0.73, fixing bugs and security issues:

Security fix for code execution in signature checking:

- fix for bnc#828010 (CVE-2013-2145)

- Properly redo the previous fix using File::Spec->file_name_is_absolute.

- [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013]

- Only allow loading Digest::* from absolute paths in @INC, by ensuring they begin with \ or / characters.
Contributed by: Florian Weimer (CVE-2013-2145)

- [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013]

- Constrain the user-specified digest name to /^\w+\d+$/.

- Avoid loading Digest::* from relative paths in @INC.
Contributed by: Florian Weimer (CVE-2013-2145)

- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]

- Don't check gpg version if gpg does not exist. This avoids unnecessary warnings during installation when gpg executable is not installed. Contributed by: Kenichi Ishigaki

- [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012]

- Support for gpg under these alternate names: gpg, gpg2, gnupg, gnupg2. Contributed by: Michael Schwern


Update the affected perl-Module-Signature package.

Plugin Details

Severity: Medium

ID: 75080

File Name: openSUSE-2013-573.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:perl-Module-Signature, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/07/03

Reference Information

CVE: CVE-2013-2145