Ubuntu Security Notice USN-2607-1

Ubuntu Security Notice 2607-1 – John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. John Lightsey discovered that Module::Signature incorrectly handled files that were not listed in the SIGNATURE file. A remote attacker could use this flaw to execute arbitrary code when tests were run. Various other issues were also addressed.

Leave a Reply