Lucene search

K
gentooGentoo FoundationGLSA-201310-15
HistoryOct 25, 2013 - 12:00 a.m.

GNU Automake: Multiple vulnerabilities

2013-10-2500:00:00
Gentoo Foundation
security.gentoo.org
6

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

Background

GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

Description

Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build.

Workaround

There is no known workaround at this time.

Resolution

All Automake users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-devel/automake< 1.11.6UNKNOWN

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

Related for GLSA-201310-15