Stay Secure with the Latest Linux Advisories

security advisorysecurity issuefedora

Fedora 40: FEDORA-2024-3da8ed5be3 moderate: perl-Data-UUID Symlink Issue

This update fixes CVE-2013-4184 (possible symlink attack due to use of predictable temporary file names). The module no longer saves state in temporary files at all.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-3da8ed5be3 2024-03-28 00:15:36.328340 -------------------------------------------------------------------------------- Name : perl-Data-UUID Product : Fedora 40 Version : 1.227 Release : 1.fc40 URL : https://metacpan.org/dist/Data-UUID Summary : Globally/Universally Unique Identifiers (GUIDs/UUIDs) Description : This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network Computing System (NCS) and later in the Open Software Foundation's (OSF) Distributed Computing Environment. Currently many different technologies rely on UUIDs to provide unique identity for various software components. Microsoft COM/DCOM for instance, uses GUIDs very extensively to uniquely identify classes, applications and components across network-connected systems. The algorithm for UUID generation, used by this extension, is described in the Internet Draft "UUIDs and GUIDs" by Paul J. Leach and Rich Salz (see RFC 4122). It provides a reasonably efficient and reliable framework for generating UUIDs and supports fairly high allocation rates - 10 million per second per machine - and therefore is suitable for identifying both extremely short-lived and very persistent objects on a given system as well as across the network. This module provides several methods to create a UUID. In all methods, is a UUID and is a free form string. -------------------------------------------------------------------------------- Update Information: This update fixesCVE-2013-4184 (possible symlink attack due to use of predictable temporary file names). The module no longer saves state in temporary files at all. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 19 2024 Paul Howarth - 1.227-1 - Update to 1.227 - New maintainer, GTERMARS - Add basic GitHub Actions setup for testing - Typo corrections in POD - Eliminated use of state/node files in temp directory (CVE-2013-4184) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3da8ed5be3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . CVE-2014-3566 is addressed in perl-XML-LibXML for Ubuntu 22.04, safeguarding against XML injection vulnerabilities via untrusted data.. Fedora Update, Perl Data UUID, Symlink Protection, Security Fix. . Severity: Important. LinuxSecurity.com Team

Mar 28, 2024 •Important Fedora