GLSA Advocate
Posted: Thu Oct 17, 2013 10:26 am Post subject: [ GLSA 201310-11 ] Perl Parallel-ForkManager Module: Insecur
Gentoo Linux Security Advisory
Title: Perl Parallel-ForkManager Module: Insecure temporary file usage (GLSA 201310-11)
Severity: normal
Exploitable: local
Date: October 17, 2013
Bug(s): #389839
ID: 201310-11
Synopsis
An insecure temporary file usage has been reported in the Perl
Parallel-ForkManager module, possibly allowing symlink attacks.
Background
Parallel-ForkManager is a simple parallel processing fork manager for
Perl.
Affected Packages
Package: dev-perl/Parallel-ForkManager
Vulnerable: < 1.20.0
Unaffected: >= 1.20.0
Architectures: All supported architectures
Description
The Perl Parallel-ForkManager module does not handle temporary files
securely.
Impact
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Parallel-ForkManager users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/Parallel-ForkManager-1.20.0"
References
CVE-2011-4115
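The bug class named in the Description and Impact above, as an added illustration that is not code from Parallel-ForkManager or from the advisory: a plain open on a predictable temporary path follows a symlink that already sits at that path, while an O_EXCL create or File::Temp does not. All file names are constructed, and everything happens inside a private scratch directory that is removed on exit.

```perl
# Added illustration; not Parallel-ForkManager code. All paths are constructed.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

my $dir    = tempdir(CLEANUP => 1);    # stands in for a shared temp directory
my $victim = "$dir/important.conf";    # a file owned by the application's user
my $guess  = "$dir/app-1234.tmp";      # predictable temp name (constructed)

sub slurp { open(my $fh, '<', $_[0]) or die "$_[0]: $!"; local $/; return scalar <$fh> }

# Restore the victim file and put a symlink at the predictable temp path.
sub reset_scene {
    unlink $guess;
    open(my $fh, '>', $victim) or die "$victim: $!";
    print {$fh} "original\n";
    close $fh;
    symlink($victim, $guess) or die "symlink: $!";
}

# Insecure: a plain '>' open follows the symlink and truncates its target.
sub write_insecure {
    open(my $fh, '>', $guess) or return 0;
    print {$fh} "scratch data\n";
    close $fh;
    return 1;
}

# Safer with the same name: O_CREAT|O_EXCL fails if anything, including a
# symlink, already occupies the path, so the target is never touched.
sub write_exclusive {
    sysopen(my $fh, $guess, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} "scratch data\n";
    close $fh;
    return 1;
}

# Preferred: File::Temp picks an unpredictable name and creates it exclusively.
sub write_file_temp {
    my ($fh, $name) = tempfile('app-XXXXXXXX', DIR => $dir, UNLINK => 1);
    print {$fh} "scratch data\n";
    close $fh;
    return $name;
}

reset_scene(); write_insecure();
print "plain open:  victim holds ", slurp($victim);
reset_scene(); my $ok = write_exclusive();
print "O_EXCL open: created=$ok, victim holds ", slurp($victim);
reset_scene(); my $tmp = write_file_temp();
print "File::Temp:  wrote $tmp, victim holds ", slurp($victim);
```

Only the first case changes the victim file; the other two leave it at "original", which is the property to look for when reviewing code that writes to shared temporary directories.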