https://bugzilla.redhat.com/show_bug.cgi?id=1267962 Bug ID: 1267962 Summary: perl-IPTables-Parse: Use of predictable names for temporary files Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@xxxxxxxxxx Reporter: amaris@xxxxxxxxxx CC: mitr@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, tremble@xxxxxxxxxxxxxx A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. Note that perl-IPTables-Parse is also used by fwsnort and perl-IPTables-ChainMgr, which is used by psad. Upstream patch: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87 -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel