Advisories » MGASA-2014-0147

Updated perltidy package fixes security vulnerability

Publication date: 31 Mar 2014
Modification date: 31 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2277

Description

perltidy's make_temporary_filename() function insecurely created temporary
files via the use of the tmpnam() function. A local attacker could use this
flaw to perform a symbolic link attack (CVE-2014-2277).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13081
• https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2277

SRPMS

3/core

• perltidy-20121207.0.0-2.1.mga3

4/core

• perltidy-20121207.0.0-3.1.mga4