| Summary: | <dev-perl/Capture-Tiny-0.240.0 : insecure temporary file usage (CVE-2014-1875) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | perl |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1062424 | ||
| Whiteboard: | B4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
Arches go ahead. (In reply to Tim Harder from comment #1) > Arches go ahead. Please write a comment like this or similar: Arch teams, please test and mark stable: =dev-perl/Capture-Tiny-0.240.0 Targeted stable KEYWORDS : alpha amd64 hppa ia64 ppc ppc64 sparc x86 so that everyone instantly knows what it is you want. Stable for HPPA. alpha stable ia64 stable amd64 stable x86 stable sparc stable ppc64 stable ppc stable Cleanup done. @Security, please vote. GLSA vote: no. GLSA vote: no Closing as noglsa |
From ${URL} : It was found [1] that the Capture::Tiny module, provided by the perl-Capture-Tiny package, used the File::temp::tmpnam module to generate temporary files: ./lib/Capture/Tiny.pm: $stash->{flag_files}{$which} = scalar tmpnam(); This module makes use of the mktemp() function when called in the scalar context, which creates significantly more predictable temporary files. Additionally, the temporary file is created with world-writable (0666) permission. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a program using the Capture::Tiny module. This issue has been reported upstream [2], but has not yet been fixed. [1] http://seclists.org/oss-sec/2014/q1/267 [2] https://github.com/dagolden/Capture-Tiny/issues/16 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.