Nome do pacote
perl-Crypt-DSA
Data
2013-09-25
ID Alerta
MDVSA-2013:241
Versões afetadas
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Descrição do problema

A vulnerability has been discovered and corrected in perl-Crypt-DSA:

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl,
when /dev/random is absent, uses the Data::Random module, which makes
it easier for remote attackers to spoof a signature, or determine
the signing key of a signed message, via a brute-force attack
(CVE-2011-3599).

The updated packages have been patched to correct this issue.

Pacotes atualizados

MES5 i586

 b2d578fb857d0d658c923d98b44be02c  mes5/i586/perl-Crypt-DSA-0.14-5.1mdvmes5.2.noarch.rpm 
 1575c55caee1cf50b1dfc43aa6f30deb  mes5/SRPMS/perl-Crypt-DSA-0.14-5.1mdvmes5.2.src.rpm

MBS1 x86_64

 b9f8de43ae0758a39b539c70bd3362e1  mbs1/x86_64/perl-Crypt-DSA-1.170.0-2.1.mbs1.noarch.rpm 
 3618a082b061450b06ed08ce81353681  mbs1/SRPMS/perl-Crypt-DSA-1.170.0-2.1.mbs1.src.rpm

MES5 x86_64

 55fa4ee99d27f4e26beed7d5fa875ef7  mes5/x86_64/perl-Crypt-DSA-0.14-5.1mdvmes5.2.noarch.rpm 
 1575c55caee1cf50b1dfc43aa6f30deb  mes5/SRPMS/perl-Crypt-DSA-0.14-5.1mdvmes5.2.src.rpm

Referências