Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in perl-Proc-ProcessTable
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in perl-Proc-ProcessTable
ID: FEDORA-2013-13617
Distribution: Fedora
Plattformen: Fedora 19
Datum: Mo, 5. August 2013, 07:42
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4363
Applikationen: perl-Proc-ProcessTable

Originalnachricht

Name        : perl-Proc-ProcessTable
Product : Fedora 19
Version : 0.48
Release : 1.fc19
URL : http://search.cpan.org/dist/Proc-ProcessTable/
Summary : Perl extension to access the Unix process table
Description :
Perl interface to the Unix process table.

-------------------------------------------------------------------------------
-
Update Information:

This update, to the current upstream maintenance release, fixes numerous bugs
(as mentioned in the package changelog), including unsafe usage of /tmp when caching is enabled (CVE-2011-4363), which could allow an attacker to overwrite arbitrary files due to a race condition.
-------------------------------------------------------------------------------
-
ChangeLog:

* Wed Jul 24 2013 Paul Howarth <paul@city-fan.org> - 0.48-1
- Update to 0.48
- Make module thread-safe on linux (CPAN RT#38709)
- New constructor flag enable_ttys, which when set to 0 disables traversing
the device tree
- New maintainer JSWARTZ
- Fix reading process command lines (CPAN RT#51470)
- Fixes for non-threaded perls (CPAN RT#41397, CPAN RT#46861, CPAN RT#58236)
- Fix file descriptor leak (CPAN RT#69397)
- Fix unsafe use of /tmp (CPAN RT#72862, CVE-2011-4363)
- Various fixes for non-linux operating systems
- Fix byte order tag in cache file (CPAN RT#72862)
- Fixes to stay accurate on machines with many CPUs (CPAN RT#82175), to
include system time into calculations (CPAN RT#80391) and others
(CPAN RT#81312, CPAN RT#82175 and CPAN RT#80391)
- Fix unknown process states for debian kernels (CPAN RT#71976)
- Added tests
- Drop ARG_MAX patch, no longer needed
- Don't use macros for commands
- Don't need to remove empty directories from the buildroot
- Don't ship empty TODO file
- Drop %defattr, redundant since rpm 4.4
- Specify all dependencies
- Add %{?perl_default_filter}
* Thu Jul 18 2013 Petr Pisar <ppisar@redhat.com> - 0.44-14
- Perl 5.18 rebuild
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #758866 - CVE-2011-4363 perl-Proc-ProcessTable: unsafe temporary
file usage
https://bugzilla.redhat.com/show_bug.cgi?id=758866
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Proc-ProcessTable' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung