Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Module::Signature
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Module::Signature
ID: USN-1896-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04
Datum: Mi, 3. Juli 2013, 16:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2145
https://launchpad.net/ubuntu/+source/libmodule-signature-perl/0.68-1ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/libmodule-signature-perl/0.68-1ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libmodule-signature-perl/0.68-1ubuntu0.13.04.1
Applikationen: Module::Signature

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============0984592867342059164==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigA16358474A52F4C377926523"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA16358474A52F4C377926523
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1896-1
July 03, 2013

libmodule-signature-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Module::Signature could be made to run programs if it verified a signature.

Software Description:
- libmodule-signature-perl: module to manipulate CPAN SIGNATURE files

Details:

Florian Weimer discovered that the Module::Signature perl module
incorrectly loaded unknown ciphers from relative directories. An attacker
could possibly use this flaw to execute arbitrary code when a signature is
verified.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libmodule-signature-perl 0.68-1ubuntu0.13.04.1

Ubuntu 12.10:
libmodule-signature-perl 0.68-1ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libmodule-signature-perl 0.68-1ubuntu0.12.04.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1896-1
CVE-2013-2145

Package Information:

https://launchpad.net/ubuntu/+source/libmodule-signature-perl/0.68-1ubuntu0.13.04.1

https://launchpad.net/ubuntu/+source/libmodule-signature-perl/0.68-1ubuntu0.12.10.1

https://launchpad.net/ubuntu/+source/libmodule-signature-perl/0.68-1ubuntu0.12.04.1



--------------enigA16358474A52F4C377926523
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJR1CGNAAoJEGVp2FWnRL6TatgP/ihdpiuEJxUrdkWPS0WsmBMA
cPLceXgmNcZJXZMlMgNEixmF0LRW7al5F55WQiq5aeH32S3dN5n0+lDNNmS+ZwS+
jajKA5Z55VsvG7+IMhOs3kElv+cYXEt6X7GN5piMtO6Q5ni3FZ5RdzNAMR6NUZPz
/qkoeQF/EZJtbgB5M99nUTA3OOXZf87yzzZxLfMdFJxvRu9XscN98CkzjbNyu/zf
4trve85kqbd7R3s6FWI4yWm8tpW8q47PAPeq/3X4XxzbC7RkQN99NymCJd1GgXM4
kegr95Bfr+tl7wdD2HpYdtvPgJ4d58AsChbSz6Z2wxHI7jrgYpl03VVrI+HSc6X8
HlZaKJ6O8cYraKwVyaxkVrv/glESuBueXfLkwurXojyaZEokkWMy0ktay1PuMRwo
jg4wciohN9S+VWgMiDOvN/nYCXkibHeoc+cHx1ZnBQ+DpN2Op+Ek6ifNmDEs22Ja
Bn1EvPU3N1KMtW+03jLW1s2NN41j4CXAuyuZW2+uxLpjaM0TiryfXMkXD0vbpj/M
aFBnmswyi2s+A5VRCdQ1kL3d2x5bqkySO8mKC7J7lI2PlpRa7vEpfoee/JxWRHQI
QEyVgMQhiRi+2X3typBDlZ/sTdXW500wyg2dq0IcqbW8jfXQvXJW1qaMFJ8F2EqZ
W7MVtXQpqh9CkQ7uxkv0
=h5It
-----END PGP SIGNATURE-----

--------------enigA16358474A52F4C377926523--


--===============0984592867342059164==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0984592867342059164==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung