A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to.
Note that perl-IPTables-Parse is also used by fwsnort and perl-IPTables-ChainMgr, which is used by psad.
Created perl-IPTables-Parse tracking bugs for this issue:
Affects: fedora-all [bug 1267963]
Affects: epel-5 [bug 1267964]
Affects: epel-6 [bug 1267965]
perl-IPTables-Parse-1.5-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
perl-IPTables-Parse-1.5-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
perl-IPTables-Parse-1.5-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1284922 has been marked as a duplicate of this bug. ***
This issue was discovered by Miloslav Trmač of Red Hat.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.