FEDORA-2017-a3c7d077c7 — security update for perltidy

stable

perltidy-20170521-1.fc25

FEDORA-2017-a3c7d077c7 created by pghmcfc 6 years ago for Fedora 25

Cumulative bug-fix, enhancement and security update, including fix for CVE-2016-10374: perltidy relies on the current working directory for certain output files and did not have a symlink-attack protection mechanism, which allowed local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim could not delete.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-a3c7d077c7

This update has been submitted for testing by pghmcfc.

6 years ago

This update has been pushed to testing.

6 years ago

briangribble commented & provided feedback 6 years ago

karma

Working for me. Tested against #1452050 and ran through perltidy tutorial.

filiperosset commented & provided feedback 6 years ago

karma

no regressions noted

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

6 years ago

This update has been submitted for stable by pghmcfc.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

None

Builds

perltidy-20170521-1.fc25

Settings

Unstable by Karma

-1

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

6 years ago

in testing

6 years ago

in stable

6 years ago

BZ#1452050 CVE-2016-10374 perltidy: Uses current working directory without symlink-attack protection

BZ#1452051 CVE-2016-10374 perltidy: Uses current working directory without symlink-attack protection [fedora-all]

BZ#1453029 perltidy-20170521 is available

perltidy-20170521-1.fc25

Automated Test Results

None