https://bugzilla.redhat.com/show_bug.cgi?id=1267962 Bug ID: 1267962 Summary: perl-IPTables-Parse: Use of predictable names for temporary files Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: mitr(a)redhat.com, perl-devel(a)lists.fedoraproject.org, tremble(a)tremble.org.uk A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. Note that perl-IPTables-Parse is also used by fwsnort and perl-IPTables-ChainMgr, which is used by psad. Upstream patch: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94... -- You are receiving this mail because: You are on the CC list for the bug.