ALAS-2014-356

Amazon Linux 1 (EOL) Security Advisory: ALAS-2014-356
Advisory Released Date: 2014-06-15
Advisory Updated Date: 2014-09-19

Severity: Low

References: CVE-2014-2277
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was discovered that perltidy's make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack.

Affected Packages:

perltidy

Issue Correction:
Run yum update perltidy or yum update --advisory ALAS-2014-356 to update your system.

New Packages:

noarch:
    perltidy-20121207-3.8.amzn1.noarch

src:
    perltidy-20121207-3.8.amzn1.src

Additional References

Red Hat: CVE-2014-2277

Mitre: CVE-2014-2277