Updated perltidy package fixes security vulnerability
Publication date: 31 Mar 2014Modification date: 31 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2277
Description
perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack (CVE-2014-2277).
References
SRPMS
3/core
- perltidy-20121207.0.0-2.1.mga3
4/core
- perltidy-20121207.0.0-3.1.mga4