Updated perl-Crypt-DSA package fixes security vulnerability
Publication date: 24 Sep 2013Modification date: 24 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2011-3599
Description
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack (CVE-2011-3599). This update removes the fallback to Data::Random.
References
SRPMS
3/core
- perl-Crypt-DSA-1.170.0-2.1.mga3
2/core
- perl-Crypt-DSA-1.170.0-1.1.mga2