DescriptionThe par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
Overall state of this security issue: Ignore
This issue is currently rated as having low severity.
|National Vulnerability Database|
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames:
openSUSE Tumbleweed GA perl-PAR