Security: File overwrite in perltidy
Name: File overwrite in perltidy
ID: FEDORA-2017-1f11501a9f
Distribution: Fedora
Platforms: Fedora 24
Date: Mon, 12 June 2017, 07:23
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10374
Applications: perltidy

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-1f11501a9f
2017-06-11 16:12:28.826981
--------------------------------------------------------------------------------

Name : perltidy
Product : Fedora 24
Version : 20170521
Release : 1.fc24
URL : http://perltidy.sourceforge.net/
Summary : Tool for indenting and re-formatting Perl scripts
Description :
Perltidy is a Perl script that indents and re-formats Perl scripts to
make them easier to read. If you write Perl scripts, or spend much
time reading them, you will probably find it useful. The formatting
can be controlled with command line parameters. The default parameter
settings approximately follow the suggestions in the Perl Style Guide.
Perltidy can also output HTML of both POD and source code. Besides
re-formatting scripts, Perltidy can be a great help in tracking down
errors with missing or extra braces, parentheses, and square brackets
because it is very good at localizing errors.

--------------------------------------------------------------------------------
Update Information:

Cumulative bug-fix, enhancement and security update, including fix for
CVE-2016-10374: perltidy relies on the current working directory for certain
output files and did not have a symlink-attack protection mechanism, which
allowed local users to overwrite arbitrary files by creating a symlink, as
demonstrated by creating a perltidy.ERR symlink that the victim could not
delete.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1452050 - CVE-2016-10374 perltidy: Uses current working directory
without symlink-attack protection
https://bugzilla.redhat.com/show_bug.cgi?id=1452050
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade perltidy' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
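
The missing symlink protection described under "Update Information", shown as an added example that is not part of the Fedora notification and is not perltidy's own fix: a plain open beside a hardened open of an output file named perltidy.ERR. Python is used only to show the open(2) flags; the function names, important.txt and fresh.ERR are hypothetical, and a POSIX system with O_NOFOLLOW is assumed.

```python
import os
import stat
import tempfile

def open_output_naive(path):
    """Pattern the advisory describes: a plain open follows a planted symlink."""
    return open(path, "w")

def open_output_hardened(path):
    """Open an output file without ever writing through a symlink at `path`."""
    try:
        # O_EXCL fails if anything, including a dangling link, already exists.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    except FileExistsError:
        if stat.S_ISLNK(os.lstat(path).st_mode):
            raise PermissionError(f"refusing to write through symlink: {path}")
        # Leftover regular file: truncate it; O_NOFOLLOW covers a late link swap.
        fd = os.open(path, os.O_WRONLY | os.O_TRUNC | os.O_NOFOLLOW)
    return os.fdopen(fd, "w")

def demo():
    """Constructed scenario: a directory that already holds a perltidy.ERR link."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "important.txt")  # stands in for a user's file
        with open(target, "w") as f:
            f.write("important data\n")
        err_path = os.path.join(workdir, "perltidy.ERR")
        os.symlink(target, err_path)
        try:
            with open_output_hardened(err_path) as f:
                f.write("error report\n")
            results["hardened_refused"] = False
        except PermissionError:
            results["hardened_refused"] = True
        with open(target) as f:
            results["intact_after_hardened"] = f.read() == "important data\n"
        with open_output_naive(err_path) as f:
            f.write("error report\n")
        with open(target) as f:
            results["overwritten_by_naive"] = f.read() == "error report\n"
        # With no link in the way, the hardened helper creates the file normally.
        fresh = os.path.join(workdir, "fresh.ERR")
        with open_output_hardened(fresh) as f:
            f.write("error report\n")
        results["fresh_is_regular"] = stat.S_ISREG(os.lstat(fresh).st_mode)
    return results

if __name__ == "__main__":
    print(demo())
```

The hardened helper does not address hard links or a hostile parent directory; writing output into a directory only the user can modify removes the exposure at its source.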