Red Hat Bugzilla – Bug 1284922
perl-IPTables-Parse: insecure temporary file use
Last modified: 2015-11-24 08:49:22 EST
A flaw was fixed in perl-IPTables-Parse:
(Miloslav Trmač) Fixed a vulnerability to not use predictable names for temporary files. This vulnerability would allow an attacker on a multi- user system to set up symlinks to overwrite any file the current user has write access to. If a user manually overrides the temporary file locations with the 'iptout' and 'ipterr' hash keys, it is recommended to not use predictable names either.
Created perl-IPTables-Parse tracking bugs for this issue:
Affects: fedora-all [bug 1284923]
Affects: epel-all [bug 1284924]
This is already #1267962, isn’t it?
(In reply to Miloslav Trmač from comment #2)
> This is already #1267962, isn’t it?
Bah, you're right. Sorry about that. Thanks for closing all of these.
*** This bug has been marked as a duplicate of bug 1267962 ***