Lucene search

K
gentooGentoo FoundationGLSA-201310-15
HistoryOct 25, 2013 - 12:00 a.m.

GNU Automake: Multiple vulnerabilities

2013-10-2500:00:00
Gentoo Foundation
security.gentoo.org
19

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%

Background

GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

Description

Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build.

Workaround

There is no known workaround at this time.

Resolution

All Automake users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-devel/automake< 1.11.6UNKNOWN

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%