
Security: Insecure use of temporary files in perl-Data-UUID
Name: Insecure use of temporary files in perl-Data-UUID
ID: FEDORA-2024-08bb549a36
Distribution: Fedora
Platforms: Fedora 38
Date: Thu, 28 March 2024, 06:26
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4184
Applications: perl-Data-UUID

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-08bb549a36
2024-03-28 01:40:27.506833
--------------------------------------------------------------------------------

Name : perl-Data-UUID
Product : Fedora 38
Version : 1.227
Release : 1.fc38
URL : https://metacpan.org/release/Data-UUID
Summary : Globally/Universally Unique Identifiers (GUIDs/UUIDs)
Description :
This module provides a framework for generating v3 UUIDs (Universally Unique
Identifiers, also known as GUIDs (Globally Unique Identifiers)). A UUID is 128
bits long, and is guaranteed to be different from all other UUIDs/GUIDs
generated until 3400 CE.

UUIDs were originally used in the Network Computing System (NCS) and later in
the Open Software Foundation's (OSF) Distributed Computing Environment.
Currently many different technologies rely on UUIDs to provide unique identity
for various software components. Microsoft COM/DCOM for instance, uses GUIDs
very extensively to uniquely identify classes, applications and components
across network-connected systems.

The algorithm for UUID generation, used by this extension, is described in the
Internet Draft "UUIDs and GUIDs" by Paul J. Leach and Rich Salz (see
RFC 4122).
It provides a reasonably efficient and reliable framework for generating UUIDs
and supports fairly high allocation rates - 10 million per second per machine -
and therefore is suitable for identifying both extremely short-lived and very
persistent objects on a given system as well as across the network.

This module provides several methods to create a UUID. In all methods,
<namespace> is a UUID and <name> is a free form string.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2013-4184 (possible symlink attack due to use of
predictable temporary file names). The module no longer saves state in
temporary files at all.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 19 2024 Paul Howarth <paul@city-fan.org> - 1.227-1
- Update to 1.227
- New maintainer, GTERMARS
- Add basic GitHub Actions setup for testing
- Typo corrections in POD
- Eliminated use of state/node files in temp directory (CVE-2013-4184)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.226-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.226-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Aug 29 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1.226-14
- Update license to SPDX format
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.226-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1.226-12
- Perl 5.38 rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-08bb549a36' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------