MGASA-2013-0289

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0289.html

Import Source

https://advisories.mageia.org/MGASA-2013-0289.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0289

Upstream

CVE-2011-3599

Published

2013-09-24T21:40:52Z

Modified

2026-04-16T06:22:24.781480628Z

Summary

Updated perl-Crypt-DSA package fixes security vulnerability

Details

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack (CVE-2011-3599).

This update removes the fallback to Data::Random.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / perl-Crypt-DSA

Package

Name: perl-Crypt-DSA
Purl: pkg:rpm/mageia/perl-Crypt-DSA?arch=source&distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.170.0-1.1.mga2

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2013-0289.json"

Mageia:3 / perl-Crypt-DSA

Package

Name: perl-Crypt-DSA
Purl: pkg:rpm/mageia/perl-Crypt-DSA?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.170.0-2.1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2013-0289.json"