Low: automake security update

Date: Thu, 28 Feb 2013 16:17:04 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Low: automake on SL6.x (noarch)
MIME-Version: 1.0

Synopsis: Low: automake security update
Issue Date: 2013-02-21
CVE Numbers: CVE-2012-3386
--
It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". (CVE-2012-3386)
--
SL6
  noarch
    automake-1.11.1-4.el6.noarch.rpm

- Scientific Linux Development Team

A new security patch has been released for automake, targeting minor vulnerabilities found in Scientific Linux.

Severity: Low
LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis:      Low: automake security update
Advisory ID:   RHSA-2013:0526-02
Product:       Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2013:0526.html
Issue date:    2013-02-21
CVE Names:     CVE-2012-3386
====================================================================

1. Summary:

An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream acknowledges Stefano Lattarini as the original reporter.

Users of automake are advised to upgrade to this updated package, which corrects this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

838286 - CVE-2012-3386 automake: locally exploitable "make distcheck" bug

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

noarch:
automake-1.11.1-4.el6.noarch.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

noarch:
automake-1.11.1-4.el6.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

noarch:
automake-1.11.1-4.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

noarch:
automake-1.11.1-4.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-3386
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

A minor automake patch for Red Hat Enterprise Linux mitigates a localized security vulnerability. Update promptly for safety.

Severity: Low

Low: automake security update

Date: Tue, 27 Apr 2010 10:56:20 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Low: automake on SL5.x i386/x86_64
Comments: To: "

====================================================================
Red Hat Security Advisory

Synopsis:      Low: automake security update
Advisory ID:   RHSA-2010:0321-04
Product:       Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2010:0321.html
Issue date:    2010-03-30
CVE Names:     CVE-2009-4029
====================================================================

1. Summary:

Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - noarch
Red Hat Enterprise Linux (v. 5 server) - noarch

3. Description:

Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029)

Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code.

All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

542609 - CVE-2009-4029 Automake: Race condition by creation of "distdir" based directory hierarchy

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:

noarch:
automake-1.9.6-2.3.el5.noarch.rpm
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

noarch:
automake-1.9.6-2.3.el5.noarch.rpm
automake14-1.4p6-13.el5.1.noarch.rpm
automake15-1.5-16.el5.2.noarch.rpm
automake16-1.6.3-8.el5.1.noarch.rpm
automake17-1.7.9-7.el5.2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2009-4029
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2010 Red Hat, Inc.

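The rules at issue in the Red Hat advisories above live in generated Makefile.in files, so a source tree generated before the update keeps them until automake is re-run. As an added example (not from Red Hat, Scientific Linux or the Automake project), this script flags lines that mention distdir and make it world-writable; the regular expression, function names and sample fragments are constructed for this example.

```shell
#!/bin/sh
# Heuristic written for this example: match a chmod whose symbolic mode
# grants write to other/all (a+w, o+w, a+rwx, ...) or whose octal mode has
# the other-write bit set (777, 1777, 757, ...).
WORLD_WRITE_RE='chmod[[:space:]]+(-R[[:space:]]+)?(([^[:space:],]+,)*[ugoa]*[oa][ugoa]*\+[rwxXst]*w|[0-7]{2,3}[2367]([[:space:]]|$))'

# scan_distdir_perms FILE
# Prints "line:text" for each line that mentions distdir and makes something
# world-writable. Exit status 0 means at least one hit, 1 means none.
scan_distdir_perms() {
    grep -nE "$WORLD_WRITE_RE" "$1" | grep 'distdir'
}

# write_samples DIR
# Constructed fragments for the demo, not copied from any real package:
# old.in opens the dist directory to everyone, new.in keeps it owner-writable.
write_samples() {
    cat > "$1/old.in" <<'EOF'
distdir: $(DISTFILES)
    -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \;
distcheck: dist
    chmod -R a-w $(distdir); chmod a+w $(distdir)
EOF
    cat > "$1/new.in" <<'EOF'
distdir: $(DISTFILES)
    -find "$(distdir)" -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \;
distcheck: dist
    chmod -R a-w $(distdir); chmod u+w $(distdir)
EOF
}

# Demo: report which sample would need regenerating with a fixed automake.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/old.in "$demo_dir"/new.in; do
    if scan_distdir_perms "$f"; then
        echo "world-writable distdir step: $(basename "$f")"
    else
        echo "clean: $(basename "$f")"
    fi
done
rm -rf "$demo_dir"
```

Run against a real tree, the function takes one Makefile.in path at a time; a hit means the file should be regenerated with an updated automake before "make dist" or "make distcheck" is run on a shared machine.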
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 200404-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: GNU Automake symbolic link vulnerability
      Date: April 08, 2004
      Bugs: #45646
        ID: 200404-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges.

Background
==========

Automake is a tool for automatically generating `Makefile.in' files which is often used in conjunction with Autoconf and other GNU Autotools to ease portability among applications. It also provides a standardized and light way of writing complex Makefiles through the use of many built-in macros.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /    Vulnerable    /               Unaffected
    -------------------------------------------------------------------
     sys-devel/automake       < 1.8.3                         >= 1.8.3

Description
===========

Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or escalate their privileges. This is due to the insecure way Automake creates directories during compilation. An attacker may be able to create symbolic links in the place of files contained in the affected directories, which may potentially lead to elevated privileges due to modification of data.

Impact
======

An attacker may be able to use this vulnerability to modify data in an unauthorized fashion or elevate their privileges.

Workaround
==========

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution
==========

Automake users should upgrade to version 1.8.3 or later:

    # emerge sync
    # emerge -pv ">=sys-devel/automake-1.8.3"
    # emerge ">=sys-devel/automake-1.8.3"

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to