Debian Security Advisory
DLA-978-1 perl -- LTS security update
- Date Reported:
- 05 Jun 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 863870.
In Mitre's CVE dictionary: CVE-2017-6512.
- More information:
The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to an attacker-chosen value.
For Debian 7
Wheezy, these problems have been fixed in version 5.14.2-21+deb7u5.
We recommend that you upgrade your perl packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS