Advisories » MGASA-2017-0301

Updated perltidy packages fix security vulnerability

Publication date: 24 Aug 2017
Modification date: 24 Aug 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10374

Description

perltidy relies on the current working directory for certain output
files and does not have a symlink-attack protection mechanism, which
allows local users to overwrite arbitrary files by creating a symlink
(CVE-2016-10374).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21079
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KS6UVEQTFR4NWHO6BVXCHZB2TFEJX7P3/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10374

SRPMS

5/core

• perltidy-20170521.0.0-1.mga5