Stay Secure with the Latest Linux Advisories

security advisoryFedoratemporary file

Fedora 38: FEDORA-2024-08bb549a36 Moderate: perl-Data-UUID Symlink Fix

This update fixes CVE-2013-4184 (possible symlink attack due to use of predictable temporary file names). The module no longer saves state in temporary files at all.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-08bb549a36 2024-03-28 01:40:27.506833 -------------------------------------------------------------------------------- Name : perl-Data-UUID Product : Fedora 38 Version : 1.227 Release : 1.fc38 URL : https://metacpan.org/dist/Data-UUID Summary : Globally/Universally Unique Identifiers (GUIDs/UUIDs) Description : This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network Computing System (NCS) and later in the Open Software Foundation's (OSF) Distributed Computing Environment. Currently many different technologies rely on UUIDs to provide unique identity for various software components. Microsoft COM/DCOM for instance, uses GUIDs very extensively to uniquely identify classes, applications and components across network-connected systems. The algorithm for UUID generation, used by this extension, is described in the Internet Draft "UUIDs and GUIDs" by Paul J. Leach and Rich Salz (see RFC 4122). It provides a reasonably efficient and reliable framework for generating UUIDs and supports fairly high allocation rates - 10 million per second per machine - and therefore is suitable for identifying both extremely short-lived and very persistent objects on a given system as well as across the network. This module provides several methods to create a UUID. In all methods, is a UUID and is a free form string. -------------------------------------------------------------------------------- Update Information: This update fixesCVE-2013-4184 (possible symlink attack due to use of predictable temporary file names). The module no longer saves state in temporary files at all. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 19 2024 Paul Howarth - 1.227-1 - Update to 1.227 - New maintainer, GTERMARS - Add basic GitHub Actions setup for testing - Typo corrections in POD - Eliminated use of state/node files in temp directory (CVE-2013-4184) * Thu Jan 25 2024 Fedora Release Engineering - 1.226-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 1.226-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Tue Aug 29 2023 Jitka Plesnikova - 1.226-14 - Update license to SPDX format * Thu Jul 20 2023 Fedora Release Engineering - 1.226-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jul 11 2023 Jitka Plesnikova - 1.226-12 - Perl 5.38 rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-08bb549a36' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Addresses CVE-2013-4184 vulnerability in perl-Data-UUID: mitigates temporary file hazards and bolsters security.. Fedora Updates, Perl Data UUID, Symlink Security, Temporary File Vulnerability, Software Maintenance. . LinuxSecurity.com Team

Mar 28, 2024 Fedora