Bugzilla – Bug 832538
VUL-1: CVE-2013-4184: perl-Data-UUID: symlink attacks
Last modified: 2017-08-17 14:39:36 UTC
Via oss-sec [1]: ========================================================================= Hi all, The Perl module Data::UUID from CPAN is vulnerable to symlink attacks. This is a widely used Perl module for generating UUIDs. Details are in the bug report on github: https://github.com/rjbs/Data-UUID/issues/5 I believe all released versions are affected - I have confirmed the issue against 1.219. Regarding affected distributions, note that Debian and Fedora do not ship Data::UUID from CPAN - they use OSSP's uuid. However, at least Arch and Gentoo seem to ship the CPAN version. I've not previously requested a CVE id for this, it's an open source request, and it's not embargoed. Kind regards, -- Tim Retout <tim@retout.co.uk> ========================================================================= [1] http://seclists.org/oss-sec/2013/q3/251
Note: sdk only
Affected packages: SLE-11-SP3: perl-Data-UUID
dropped from openSUSE, SLE 11 only had the debuginfo,debugsource