https://bugzilla.redhat.com/show_bug.cgi?id=1456771
Bug ID: 1456771 Summary: CVE-2017-0374 perl-Config-Model: Local privilege escalation via crafted model Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: amaris@redhat.com CC: david.hannequin@gmail.com, perl-devel@lists.fedoraproject.org
lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.
Debian patch:
https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/c...
https://bugzilla.redhat.com/show_bug.cgi?id=1456771
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1456772
--- Comment #1 from Adam Mariš amaris@redhat.com --- Created perl-Config-Model tracking bugs for this issue:
Affects: fedora-all [bug 1456772]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1456772 [Bug 1456772] CVE-2017-0373 CVE-2017-0374 perl-Config-Model: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1456771
Jitka Plesnikova jplesnik@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |jplesnik@redhat.com Fixed In Version| |perl-Config-Model-2.106-2.f | |c27 | |perl-Config-Model-2.114-1.f | |c28 Resolution|--- |CURRENTRELEASE Last Closed| |2018-08-14 10:37:35
https://bugzilla.redhat.com/show_bug.cgi?id=1456771
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|perl-Config-Model-2.106-2.f | |c27 | |perl-Config-Model-2.114-1.f | |c28 | Resolution|CURRENTRELEASE |ERRATA
perl-devel@lists.fedoraproject.org