Perl Parallel-ForkManager Module: Insecure temporary file usage

Perl Parallel-ForkManager Module: Insecure temporary file usage An insecure temporary file usage has been reported in the Perl Parallel-ForkManager module, possibly allowing symlink attacks. Parallel-ForkManager 2013-10-17 2013-10-17 389839 local 1.20.0 1.20.0

Parallel-ForkManager is a simple parallel processing fork manager for Perl.

The Perl Parallel-ForkManager module does not handle temporary files securely.

A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

There is no known workaround at this time.

All Parallel-ForkManager users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-perl/Parallel-ForkManager-1.20.0"

CVE-2011-4115 underling ackle