Date: Fri, 04 Nov 2011 10:18:16 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: John Lightsey <john@...nuts.net>
Subject: Re: CVE request: unsafe use of /tmp in multiple CPAN
 modules

On 11/04/2011 08:46 AM, John Lightsey wrote:
> These were reported to the upstream authors a while back. None of these
> bugs are fixed in the currently available versions:
>
>
> PAR::Packer - PAR packed files are extracted to unsafe and predictable
> temporary directories
>
> https://rt.cpan.org/Public/Bug/Display.html?id=69560
Please use CVE-2011-4114 for this issue

> Parallel::ForkManager - Insecure /tmp file handling
>
> https://rt.cpan.org/Public/Bug/Display.html?id=68298
>
Please use CVE-2011-4115 for this issue

> File::Temp - _is_safe() allows unsafe traversal of symlinks
>
> https://rt.cpan.org/Public/Bug/Display.html?id=69106
>
Please use CVE-2011-4116 for this issue

> Batch::BatchRun - Unsafe /tmp file usage
>
> https://rt.cpan.org/Public/Bug/Display.html?id=69594
>
Please use CVE-2011-4117 for this issue

-- 

-Kurt Seifried / Red Hat Security Response Team
