Oval Definition:oval:com.redhat.rhsa:def:20100321
Revision Date:2010-03-30Version:639
Title:RHSA-2010:0321: automake security update (Low)
Description:Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

  • Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029)

    Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code.

    All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2009-4029
    RHSA-2010:0321
    RHSA-2010:0321-04
    RHSA-2010:0321-04
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • automake14 is earlier than 0:1.4p6-13.el5.1
  • AND automake14 is signed with Red Hat redhatrelease2 key
  • automake15 is earlier than 0:1.5-16.el5.2
  • AND automake15 is signed with Red Hat redhatrelease2 key
  • automake16 is earlier than 0:1.6.3-8.el5.1
  • AND automake16 is signed with Red Hat redhatrelease2 key
  • automake17 is earlier than 0:1.7.9-7.el5.2
  • AND automake17 is signed with Red Hat redhatrelease2 key
  • automake is earlier than 0:1.9.6-2.3.el5
  • AND automake is signed with Red Hat redhatrelease2 key
    • BACK