drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in perltidy
Name: |
Überschreiben von Dateien in perltidy |
|
ID: |
FEDORA-2017-a3c7d077c7 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 25 |
|
Datum: |
Mo, 12. Juni 2017, 07:27 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10374 |
|
Applikationen: |
perltidy |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2017-a3c7d077c7 2017-06-11 16:12:43.743412 ------------------------------------------------------------------------------- -
Name : perltidy Product : Fedora 25 Version : 20170521 Release : 1.fc25 URL : http://perltidy.sourceforge.net/ Summary : Tool for indenting and re-formatting Perl scripts Description : Perltidy is a Perl script that indents and re-formats Perl scripts to make them easier to read. If you write Perl scripts, or spend much time reading them, you will probably find it useful. The formatting can be controlled with command line parameters. The default parameter settings approximately follow the suggestions in the Perl Style Guide. Perltidy can also output HTML of both POD and source code. Besides re-formatting scripts, Perltidy can be a great help in tracking down errors with missing or extra braces, parentheses, and square brackets because it is very good at localizing errors.
------------------------------------------------------------------------------- - Update Information:
Cumulative bug-fix, enhancement and security update, including fix for CVE-2016-10374: perltidy relies on the current working directory for certain output files and did not have a symlink-attack protection mechanism, which allowed local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim could not delete. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1452050 - CVE-2016-10374 perltidy: Uses current working directory without symlink-attack protection https://bugzilla.redhat.com/show_bug.cgi?id=1452050 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade perltidy' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|