SCIENTIFIC-LINUX-ERRATA Archives

April 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson
Date: Tue, 27 Apr 2010 10:56:20 -0500

Synopsis:	Low: automake security update
Issue date:	2010-03-30
CVE Names:	CVE-2009-4029

Automake-generated Makefiles made certain directories world-writable 
when preparing source archives, as was recommended by the GNU Coding 
Standards. If a malicious, local user could access the directory where a 
victim was creating distribution archives, they could use this flaw to 
modify the files being added to those archives. Makefiles generated by 
these updated automake packages no longer make distribution directories 
world-writable, as recommended by the updated GNU Coding Standards. 
(CVE-2009-4029)

Note: This issue affected Makefile targets used by developers to prepare
distribution source archives. Those targets are not used when compiling
programs from the source code.

SL 5.x

     SRPMS:
automake-1.9.6-2.3.el5.src.rpm
automake14-1.4p6-13.el5.1.src.rpm
automake15-1.5-16.el5.2.src.rpm
automake16-1.6.3-8.el5.1.src.rpm
automake17-1.7.9-7.el5.2.src.rpm
     i386:
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm
automake-1.9.6-2.3.el5.noarch.rpm
     x86_64:
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm
automake-1.9.6-2.3.el5.noarch.rpm

-Connie Sieh
-Troy Dawson
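
One way to audit for the condition described in the advisory, added here as an example and not part of the original errata message: the script flags generated Makefiles whose recipes chmod the distribution directory world-writable, and lists world-writable directories in a build area. The function names, the recipe lines in the constructed sample tree and the regular expression that matches them are assumptions, not text from the advisory.

```shell
#!/bin/sh
# Added example: audit for the CVE-2009-4029 condition (world-writable distdir).

# Assumed shape of a pre-fix recipe line: chmod to a+rwx or 777.
WW_CHMOD='chmod[[:space:]]+(-R[[:space:]]+)?(a\+rwx|0?777)'

# Print generated Makefiles under $1 with such a chmod on a line naming distdir.
find_world_writable_dist_rules() {
    # grep exits 1 when nothing matches; that is a clean result, not an error.
    find "$1" -type f \( -name Makefile.in -o -name Makefile \) \
        -exec grep -lE "distdir.*$WW_CHMOD|$WW_CHMOD.*distdir" {} + || true
}

# Print directories under $1 that any local user can write to.
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Build a constructed sample tree (not real automake output) and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/old/pkg-1.0" "$t/fixed/pkg-1.0"
    chmod 755 "$t/old" "$t/fixed" "$t/fixed/pkg-1.0"
    chmod 777 "$t/old/pkg-1.0"    # constructed: world-writable staging directory
    printf '%s\n' 'distdir: $(DISTFILES)' \
        '	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \;' \
        > "$t/old/Makefile.in"
    printf '%s\n' 'distdir: $(DISTFILES)' \
        '	-find "$(distdir)" -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \;' \
        > "$t/fixed/Makefile.in"
    echo "$t"
}

# Demo on the constructed tree: only old/Makefile.in and old/pkg-1.0 are reported.
tree=$(make_sample_tree)
echo "Makefiles with a world-writable distdir rule:"
find_world_writable_dist_rules "$tree"
echo "World-writable directories:"
list_world_writable_dirs "$tree"
rm -rf "$tree"
```

Point both functions at a real source tree or build area in place of the sample tree; a flagged Makefile.in needs regenerating with the updated automake packages.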
