Low: automake security update
Date: Tue, 27 Apr 2010 10:56:20 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Low: automake on SL5.x i386/x86_64
Synopsis: Low: automake security update
Issue date: 2010-03-30
CVE Names: CVE-2009-4029

Automake-generated Makefiles made certain directories world-writable
when preparing source archives, as was recommended by the GNU Coding
Standards. If a malicious, local user could access the directory where a
victim was creating distribution archives, they could use this flaw to
modify the files being added to those archives. Makefiles generated by
these updated automake packages no longer make distribution directories
world-writable, as recommended by the updated GNU Coding Standards.
(CVE-2009-4029)

Note: This issue affected Makefile targets used by developers to prepare
distribution source archives. Those targets are not used when compiling
programs from the source code.

SL 5.x
SRPMS:
automake-1.9.6-2.3.el5.src.rpm
automake14-1.4p6-13.el5.1.src.rpm
automake15-1.5-16.el5.2.src.rpm
automake16-1.6.3-8.el5.1.src.rpm
automake17-1.7.9-7.el5.2.src.rpm
i386:
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm
automake-1.9.6-2.3.el5.noarch.rpm
x86_64:
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm
automake-1.9.6-2.3.el5.noarch.rpm
-Connie Sieh
-Troy Dawson
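
Added example (not part of the original advisory or of automake): a shell audit for the condition described above, listing world-writable directories in a build tree and generated Makefiles whose dist rules grant write access to all users. The function names, the sample tree and the chmod spellings matched are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a build tree for the CVE-2009-4029 condition.

# Print directories under $1 that are writable by every local user.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Print Makefile/Makefile.in files under $1 with a rule line that mentions
# distdir and grants write access to all users.
# ASSUMPTION: the chmod spellings matched (a+w, a+rwx, optional -R) are a
# heuristic chosen for this example, not text from the advisory.
risky_makefiles() {
    find "$1" -type f \( -name Makefile -o -name Makefile.in \) -print | sort |
    while IFS= read -r f; do
        if grep -E 'chmod[[:space:]]+(-R[[:space:]]+)?a\+[rx]*w' "$f" |
            grep -q 'distdir'; then
            printf '%s\n' "$f"
        fi
    done
}

# Build a CONSTRUCTED sample tree (hypothetical project names) in $1.
make_sample_tree() {
    mkdir -p "$1/old/pkg-1.0" "$1/new/pkg-1.0"
    chmod 755 "$1/old" "$1/new" "$1/new/pkg-1.0"
    chmod 777 "$1/old/pkg-1.0"   # state a world-writable dist rule leaves behind
    printf 'distdir:\n\tfind $(distdir) -type d -exec chmod a+rwx {} \\;\n' \
        > "$1/old/Makefile.in"
    printf 'distdir:\n\tfind $(distdir) -type d -exec chmod u+rwx,go+rx {} \\;\n' \
        > "$1/new/Makefile.in"
}

# Audit the tree named on the command line, if any.
if [ "$#" -gt 0 ]; then
    echo "World-writable directories:"
    world_writable_dirs "$1"
    echo "Makefiles with world-writable dist rules:"
    risky_makefiles "$1"
fi
```

A Makefile flagged here was generated before the update and needs regenerating with the updated automake package; installing the update alone does not rewrite Makefiles that already exist.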