[Bug 1284922] New: perl-IPTables-Parse: insecure temporary file use

https://bugzilla.redhat.com/show_bug.cgi?id=1284922

            Bug ID: 1284922
           Summary: perl-IPTables-Parse: insecure temporary file use
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team@xxxxxxxxxx
          Reporter: mprpic@xxxxxxxxxx
                CC: mitr@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx,
                    tremble@xxxxxxxxxxxxxx



A flaw was fixed in perl-IPTables-Parse:

(Miloslav Trmač) Fixed a vulnerability to not use predictable names for
temporary files. This vulnerability would allow an attacker on a multi-user
system to set up symlinks to overwrite any file the current user has write
access to. If a user manually overrides the temporary file locations with the
'iptout' and 'ipterr' hash keys, it is recommended to not use predictable names
either.

CVE request:

http://seclists.org/oss-sec/2015/q4/366

Upstream patch:

https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87

External References:

https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes#L3

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
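The two safe patterns implied by the changelog entry above, as an added example (not the upstream patch and not code from IPTables::Parse): random names through File::Temp, and exclusive creation for a caller-chosen path such as one passed in 'iptout' or 'ipterr'. The helper names new_output_file and open_exclusive and all file names are hypothetical, and the scenario runs in a constructed scratch directory.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile tempdir);

# Hypothetical helper: File::Temp picks a random name and creates the file
# exclusively, readable and writable by the owner only.
sub new_output_file {
    my ($prefix) = @_;
    my ($fh, $path) = tempfile("$prefix.XXXXXXXX", TMPDIR => 1, UNLINK => 1);
    return ($fh, $path);
}

# Hypothetical helper for a caller-chosen path: O_CREAT|O_EXCL fails if
# anything already exists at that path, including a symlink, so a
# pre-created link is never followed.
sub open_exclusive {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return;
    return $fh;
}

# Constructed scenario: a fixed name that already exists as a symlink
# pointing at a file the current user can write to.
my $dir       = tempdir(CLEANUP => 1);
my $protected = "$dir/important.conf";
open(my $out, '>', $protected) or die "open $protected: $!";
print {$out} "keep me\n";
close($out) or die "close: $!";

my $fixed = "$dir/ipt.out";
symlink($protected, $fixed) or die "symlink: $!";

# Exclusive creation refuses the existing path instead of writing through it.
my $fh = open_exclusive($fixed);
print defined $fh ? "opened $fixed\n" : "refused $fixed: $!\n";

open(my $in, '<', $protected) or die "open $protected: $!";
my $content = do { local $/; <$in> };
close($in);
print "protected file still reads: $content";

# Random-name path: nothing to guess in advance.
my ($tfh, $tpath) = new_output_file('iptout');
print {$tfh} "command output goes here\n";
close($tfh) or die "close: $!";
printf "random name: %s, mode %04o\n", $tpath, (stat $tpath)[2] & 07777;
```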



