Advisories ยป MGASA-2013-0289

Updated perl-Crypt-DSA package fixes security vulnerability

Publication date: 24 Sep 2013
Modification date: 24 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2011-3599

Description

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when
/dev/random is absent, uses the Data::Random module, which makes it easier
for remote attackers to spoof a signature, or determine the signing key of
a signed message, via a brute-force attack (CVE-2011-3599).

This update removes the fallback to Data::Random.
                

References

SRPMS

2/core

3/core