Amazon Linux 1 Security Advisory: ALAS-2014-356
Advisory Release Date: 2014-06-15 16:19 Pacific
Advisory Updated Date: 2014-09-19 10:22 Pacific
It was discovered that perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack.
Affected Packages:
perltidy
Issue Correction:
Run yum update perltidy to update your system.
noarch:
perltidy-20121207-3.8.amzn1.noarch
src:
perltidy-20121207-3.8.amzn1.src