[SECURITY] Fedora 9 Update: perl-Crypt-OpenSSL-DSA-0.13-9.fc9

updates at fedoraproject.org updates at fedoraproject.org
Thu Feb 19 14:18:10 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1914
2009-02-19 13:34:02
--------------------------------------------------------------------------------

Name        : perl-Crypt-OpenSSL-DSA
Product     : Fedora 9
Version     : 0.13
Release     : 9.fc9
URL         : http://search.cpan.org/dist/Crypt-OpenSSL-DSA/
Summary     : Perl interface to OpenSSL for DSA
Description :
Crypt::OpenSSL::DSA - Digital Signature Algorithm using OpenSSL

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon error
rather than returning a -1 to ensure programmers are not caught by surprise
which only checking for non-zero results.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 18 2009 Wes Hardaker <wjhns174 at hardakers.net> - 0.13-9
- Version bump to solve build issues
* Wed Feb 18 2009 Wes Hardaker <wjhns174 at hardakers.net> - 0.13-8
- Fix CVE-2009-0129 and have do_verify croak on fatal error
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #486012 - CVE-2009-0129 perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()
        https://bugzilla.redhat.com/show_bug.cgi?id=486012
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-Crypt-OpenSSL-DSA' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list