GNU Automake: Multiple vulnerabilities — GLSA 201310-15

Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build.

Affected Packages

sys-devel/automake on all architectures
Affected versions < 1.11.6
Unaffected versions >= 1.11.6

Background

GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

Description

Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build.

Workaround

There is no known workaround at this time.

Resolution

All Automake users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6"
 

References

Release Date
October 25, 2013

Latest Revision
October 25, 2013: 1

Severity
normal

Exploitable
local

Bugzilla entries