PublicDateAtUSN: 2015-04-23
Candidate: CVE-2015-3409
PublicDate: 2015-05-19 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3409
 http://www.openwall.com/lists/oss-security/2015/04/07/1
 https://ubuntu.com/security/notices/USN-2607-1
Description:
 Untrusted search path vulnerability in Module::Signature before 0.75 allows
 local users to gain privileges via a Trojan horse module under the current
 working directory, as demonstrated by a Trojan horse Text::Diff module.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: John Lightsey
Assigned-to: mdeslaur
CVSS: 

Patches_libmodule-signature-perl:
 upstream: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
upstream_libmodule-signature-perl: released (0.75)
lucid_libmodule-signature-perl: ignored (reached end-of-life)
precise_libmodule-signature-perl: released (0.68-1ubuntu0.12.04.2)
trusty_libmodule-signature-perl: released (0.73-1ubuntu0.14.04.1)
trusty/esm_libmodule-signature-perl: DNE (trusty was released [0.73-1ubuntu0.14.04.1])
utopic_libmodule-signature-perl: released (0.73-1ubuntu0.14.10.1)
vivid_libmodule-signature-perl: released (0.73-1ubuntu0.15.04.1)
devel_libmodule-signature-perl: not-affected (0.78-2)