Advisories ยป MGASA-2017-0301

Updated perltidy packages fix security vulnerability

Publication date: 24 Aug 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10374

Description

perltidy relies on the current working directory for certain output
files and does not have a symlink-attack protection mechanism, which
allows local users to overwrite arbitrary files by creating a symlink
(CVE-2016-10374).
                

References

SRPMS

5/core