Lucene search

K
centosCentOS ProjectCESA-2014:1243
HistorySep 30, 2014 - 11:21 a.m.

automake security update

2014-09-3011:21:28
CentOS Project
lists.centos.org
44

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%

CentOS Errata and Security Advisory CESA-2014:1243

Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running “make distcheck”. (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.

All automake users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-September/082769.html

Affected packages:
automake

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1243

OSVersionArchitecturePackageVersionFilename
CentOS5noarchautomake< 1.9.6-3.el5automake-1.9.6-3.el5.noarch.rpm
CentOS5noarchautomake< 1.9.6-3.el5automake-1.9.6-3.el5.noarch.rpm

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%