ALAS-2014-356


Amazon Linux AMI Security Advisory: ALAS-2014-356
Advisory Release Date: 2014-09-19 10:22 Pacific
Severity: Low
References: CVE-2014-2277 

Issue Overview:

It was discovered that perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack.


Affected Packages:

perltidy


Issue Correction:
Run yum update perltidy to update your system.

New Packages:
noarch:
    perltidy-20121207-3.8.amzn1.noarch

src:
    perltidy-20121207-3.8.amzn1.src