| From: |
| Pat Riehecky <riehecky@fnal.gov> |
| To: |
| "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV"
<SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV> |
| Subject: |
| Security ERRATA Low: automake on SL6.x (noarch) |
| Date: |
| Thu, 28 Feb 2013 16:17:04 -0600 |
| Message-ID: |
| <512FD760.70004@fnal.gov> |
| Archive-link: |
| Article, Thread
|
Synopsis: Low: automake security update
Issue Date: 2013-02-21
CVE Numbers: CVE-2012-3386
--
It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local
user could access this directory, they could execute arbitrary code with the
privileges of the user running "make distcheck". (CVE-2012-3386)
--
SL6
noarch
automake-1.11.1-4.el6.noarch.rpm
- Scientific Linux Development Team
(
Log in to post comments)