Vulnerability in automake < 1.11.6 allows local privilege escalation (#1764) · Issues · alpine / aports

Vulnerability in automake < 1.11.6 allows local privilege escalation

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386

The “make distcheck” rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

(from redmine: issue id 1764, created on 2013-04-05, closed on 2013-04-17)

Relations:
- parent #1762 (closed)
Changesets:
- Revision b2343efd by Natanael Copa on 2013-04-12T14:53:48Z:

main/automake: security fix (CVE-2012-3386)

fixes #1764

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information