oss-sec mailing list archives
Re: CVE request: unsafe use of /tmp in multiple CPAN modules
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 04 Nov 2011 10:18:16 -0600
On 11/04/2011 08:46 AM, John Lightsey wrote:
> These were reported to the upstream authors a while back. None of these bugs
> are fixed in the currently available versions:
>
> PAR::Packer - PAR packed files are extracted to unsafe and predictable temporary directories
> https://rt.cpan.org/Public/Bug/Display.html?id=69560

Please use CVE-2011-4114 for this issue

> Parallel::ForkManager - Insecure /tmp file handling
> https://rt.cpan.org/Public/Bug/Display.html?id=68298

Please use CVE-2011-4115 for this issue

> File::Temp - _is_safe() allows unsafe traversal of symlinks
> https://rt.cpan.org/Public/Bug/Display.html?id=69106

Please use CVE-2011-4116 for this issue

> Batch::BatchRun - Unsafe /tmp file usage
> https://rt.cpan.org/Public/Bug/Display.html?id=69594

Please use CVE-2011-4117 for this issue

--
-Kurt Seifried / Red Hat Security Response Team