Cumulative bug-fix, enhancement and security update, including fix for CVE-2016-10374: perltidy relies on the current working directory for certain output files and did not have a symlink-attack protection mechanism, which allowed local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim could not delete.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2017-a3c7d077c7
Please login to add feedback.
This update has been submitted for testing by pghmcfc.
This update has been pushed to testing.
Working for me. Tested against #1452050 and ran through perltidy tutorial.
no regressions noted
This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
This update has been submitted for stable by pghmcfc.
This update has been pushed to stable.