Unsichere Verwendung temporärer Dateien in perl-File-Path
ID: | FEDORA-2017-212f07c853 |
Distribution: | Fedora |
Plattformen: | Fedora 24 |
Datum: | Sa, 17. Juni 2017, 08:59 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6512 |
Applikationen: | perl-File-Path |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-212f07c853 2017-06-16 13:14:50.415318 -------------------------------------------------------------------------------- Name : perl-File-Path Product : Fedora 24 Version : 2.12 Release : 3.fc24 URL : http://search.cpan.org/dist/File-Path/ Summary : Create or remove directory trees Description : This module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the file system. -------------------------------------------------------------------------------- Update Information: This release fixes a possible setting arbitrary mode on an arbitrary file in rmtree() and remove_tree() calls known as CVE-2017-6512. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1457832 - CVE-2017-6512 perl-File-Path: rmtree/remove_tree race condition https://bugzilla.redhat.com/show_bug.cgi?id=1457832 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade perl-File-Path' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |