Module::Signature Vulnerability Fixed in Ubuntu 12.04

A couple of other OSes from Canonical have been affected by this problem

  Ubuntu 12.04 desktop
On July 3, in a security notice, Canonical published details about a Module::Signature perl module vulnerability in its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

On July 3, in a security notice, Canonical published details about a Module::Signature perl module vulnerability in its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

According to Canonical, Module::Signature could have been made to run programs, if it verified a signature.

It has been discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could have used this flaw to execute arbitrary code when a signature was verified.

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest llibmodule-signature-perl package, specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will not be necessary to implement the changes.

Comments