User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0167 (perl-Authen-Captcha)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0167: Updated perl-Authen-Captcha package uses randomly generated filenames
Date:  Wed, 9 Apr 2014 07:30:45 +0200
Message-ID:  <20140409053045.3FC6941F1C@valstar.mageia.org>

MGASA-2014-0167 - Updated perl-Authen-Captcha package uses randomly generated filenames Publication date: 09 Apr 2014 URL: http://advisories.mageia.org/MGASA-2014-0167.html Type: security Affected Mageia releases: 3, 4 Description: An issue in previous versions of perl-Authen-Captcha is that the generated public string (file name of the picture) for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. This new version of perl-Authen-Captcha fixes the problem by producing a random filename for the captcha. References: - https://lists.fedoraproject.org/pipermail/package-announc... - https://bugs.mageia.org/show_bug.cgi?id=13165 SRPMS: - 4/core/perl-Authen-Captcha-1.24.0-1.mga4 - 3/core/perl-Authen-Captcha-1.24.0-1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds