| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <404C8770.30005@informatik.hu-berlin.de> Date: Mon, 08 Mar 2004 15:47:12 +0100 From: Stefan Nordhausen <deletethis.nordhaus@...ormatik.hu-berlin.de> To: bugtraq@...urityfocus.com Subject: Symlink Vulnerability in GNU automake <1.8.3 Vulnerable: GNU automake <1.8.3 Not Vulnerable: GNU automake 1.8.3 Project website: http://www.gnu.org/software/automake/ Description of libtool (from website): "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards." Discussion: The Makefiles generated by automake insecurely create temporary directories. Because the insecure code is inside the Makefile this bug can only be exploited during compile time. The bug original report with some more detail can be found at http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=automake&pr=413 Solution: This vulnerability has been fixed in GNU automake 1.8.3 which is the current stable release. Programmers should update their automake packages and re-create their Makefiles if they were created using GNU automake. Regards Stefan Nordhausen -- If you put garbage in a computer nothing comes out but garbage. But this garbage, having passed through a very expensive machine, is somehow enobled and none dare criticize it.
Powered by blists - more mailing lists