MGASA-2012-0193
| Date: | August 2nd, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated automake package fixes security vulnerability:
A race condition in automake (lib/am/distdir.am) could allow a local
attacker to run arbitrary code with the privileges of the user running
make distcheck (CVE-2012-3386).
Please note that this vulnerability impacts not only the Automake package
itself, but all packages with Automake-generated makefiles. For an
effective fix it is necessary to regenerate the Makefile.in files with a
fixed Automake version.
Updated Packages:
Mageia 1:
automake-1.11.1-3.1.mga1
automake1.7-1.7.9-13.1.mga1
Mageia 2:
automake-1.11.3-1.1.mga2
automake1.7-1.7.9-13.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
https://bugzilla.redhat.com/show_bug.cgi?id=838286
https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html
https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:103
https://bugs.mageia.org/show_bug.cgi?id=6749
