118 matches found
UBUNTU-CVE-2015-3406
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...
UBUNTU-CVE-2015-3409
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...
CVE-2015-3407
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files...
CVE-2015-3406
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...
CVE-2015-3409
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...
UBUNTU-CVE-2015-3408
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...
UBUNTU-CVE-2015-3407
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files...
Fedora 22 : perl-Module-Signature-0.78-1.fc22 / perl-Test-Signature-1.11-1.fc22 (2015-5904)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behaviour...
Fedora 20 : perl-Module-Signature-0.78-1.fc20 / perl-Test-Signature-1.11-1.fc20 (2015-5840)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...
Fedora 21 : perl-Module-Signature-0.78-1.fc21 / perl-Test-Signature-1.11-1.fc21 (2015-5833)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...
Fedora Update for perl-Module-Signature FEDORA-2015-5840
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for perl-Module-Signature FEDORA-2015-5833
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 20 Update: perl-Test-Signature-1.11-1.fc20
Module::Signature allows you to verify that a distribution has not been tampered with. Test::Signature lets that be tested as part of the distribution's test suite...
Updated perl-Module-Signature packages fix security vulnerabilities
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...
MGASA-2015-0160 Updated perl-Module-Signature packages fix security vulnerabilities
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...
openSUSE Security Update : perl-Module-Signature (openSUSE-SU-2013:1178-1)
perl-Module-Signature was updated to 0.73, fixing bugs and security issues : Security fix for code execution in signature checking : - fix for bnc828010 CVE-2013-2145 - Properly redo the previous fix using File::Spec-filenameisabsolute. - Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013 - Only allo...
GLSA-201310-01 : Perl Module-Signature module: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201310-01 Perl Module-Signature module: Arbitrary code execution The cpansign verify command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to...
Perl Module-Signature module: Arbitrary code execution
Background The Perl Module::Signature module adds signing capabilities to CPAN modules. Description The ‘cpansign verify’ command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to replace this SHA1 with a special...
CVE-2013-2145
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/...
DEBIAN-CVE-2013-2145
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/...