https://bugzilla.redhat.com/show_bug.cgi?id=1209917
Bug ID: 1209917
Summary: perl-Module-Signature: arbitrary code execution when
verifying module signatures
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
Module::Signature before version 0.75 used two argument open() calls to read
the files when generating checksums from the signed manifest. This allowed
embedding arbitrary shell commands into the SIGNATURE file that would execute
during the signature verification process.
Upstream fix:
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
CVE request: http://seclists.org/oss-sec/2015/q2/59
--
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
