A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. Note that perl-IPTables-Parse is also used by fwsnort and perl-IPTables-ChainMgr, which is used by psad. Upstream patch: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
Created perl-IPTables-Parse tracking bugs for this issue: Affects: fedora-all [bug 1267963] Affects: epel-5 [bug 1267964] Affects: epel-6 [bug 1267965]
perl-IPTables-Parse-1.5-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
perl-IPTables-Parse-1.5-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
perl-IPTables-Parse-1.5-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1284922 has been marked as a duplicate of this bug. ***
CVE request: http://seclists.org/oss-sec/2015/q4/366
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.