Advisories ยป MGASA-2014-0147

Updated perltidy package fixes security vulnerability

Publication date: 31 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2277

Description

perltidy's make_temporary_filename() function insecurely created temporary
files via the use of the tmpnam() function. A local attacker could use this
flaw to perform a symbolic link attack (CVE-2014-2277).
                

References

SRPMS

4/core

3/core