Jump to content

Advisories MDVSA-2010:203: automake


paul
 Share

Recommended Posts

A vulnerability was discovered and corrected in automake:

 

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3,

and release branches branch-1-4 through branch-1-9, when producing a

distribution tarball for a package that uses Automake, assign insecure

permissions (777) to directories in the build tree, which introduces

a race condition that allows local users to modify the contents of

package files, introduce Trojan horse programs, or conduct other

attacks before the build is complete (CVE-2009-4029).

 

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

The updated packages have been patched to correct this issue.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...