From Mageia wiki

MGASA-2012-0127

Date: June 27th, 2012
Affected releases: 1, 2


Description:
Updated perl-Config-IniFiles package fixes security vulnerability:

perl-Config-IniFiles used a predictable temporary file name
(${filename}-new) which makes it prone to a symlink attack. If a
malicious user were to create a symlink pointing to another file
writable by the user running an application that used
perl-Config-IniFiles, they could overwrite the contents of that
file (CVE-2012-2451).
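
The write pattern described above next to a hardened one, as an added Perl example (not code from Config::IniFiles or from this advisory). The function names, file names and scratch directory are constructed for illustration, and using File::Temp is an assumption about one reasonable way to avoid the issue, not a statement of how the package was fixed.

```perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempfile tempdir);

# Pattern from the advisory: the temporary name is always "<filename>-new".
# open() in '>' mode follows a symlink that already exists at that path.
sub write_predictable {
    my ($filename, $data) = @_;
    my $tmp = "$filename-new";
    open(my $fh, '>', $tmp) or die "open $tmp: $!";
    print {$fh} $data;
    close($fh) or die "close $tmp: $!";
    rename($tmp, $filename) or die "rename $tmp: $!";
}

# Hardened form: File::Temp picks a random name in the target directory and
# creates it with O_CREAT|O_EXCL, which fails on any existing path, symlinks included.
sub write_safely {
    my ($filename, $data) = @_;
    my ($fh, $tmp) = tempfile('.ini-XXXXXXXX', DIR => dirname($filename), UNLINK => 0);
    print {$fh} $data;
    close($fh) or die "close $tmp: $!";
    return if rename($tmp, $filename);
    my $err = $!;
    unlink $tmp;
    die "rename $tmp: $err";
}

sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    local $/;
    return scalar <$fh>;
}

# Constructed scenario in a private scratch directory; all names are made up.
my $dir = tempdir(CLEANUP => 1);
my ($ini, $other) = ("$dir/app.ini", "$dir/other.txt");
for my $case (['predictable name', \&write_predictable],
              ['File::Temp', \&write_safely]) {
    unlink "$ini-new", $ini;
    open(my $fh, '>', $other) or die "open $other: $!";
    print {$fh} "keep me\n";
    close($fh);
    symlink($other, "$ini-new") or die "symlink: $!";  # link already in place
    $case->[1]->($ini, "[section]\nkey=value\n");
    printf "%-17s other.txt %s\n", $case->[0], slurp($other) eq "keep me\n" ? 'intact' : 'overwritten';
}
```

File::Temp creates the temporary file with mode 0600, so a caller that needs the original file's permissions has to restore them before the rename.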


Updated Packages:
Mageia 1:
perl-Config-IniFiles-2.760.0-1.mga1

Mageia 2:
perl-Config-IniFiles-2.760.0-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2451
https://bugzilla.redhat.com/show_bug.cgi?id=818386
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html
https://bugs.mageia.org/show_bug.cgi?id=6024