CVE-2009-4029 - Race Condition vulnerability in GNU Automake 1.10.3/1.11.1/Branch

CVSS 4.4 - MEDIUM
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
local
gnu
CWE-362
nessus

Summary

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

Vulnerable Configurations

Part         Description  Count
Application  Gnu          3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race": modifying the resource and thereby altering the normal execution flow. For instance, a race condition can occur while a file is being accessed: the attacker can trick the system by replacing the original file with their own version, causing the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", that is, by modifying the resource between the first time the target program accesses the file and the time the target program uses it. During that window, the attacker could, for example, replace the file and cause an escalation of privilege.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-1216.NASL
    description: Fixes CVE-2009-4029. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47240
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47240
    title: Fedora 11 : automake-1.11.1-1.fc11.1 (2010-1216)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-1216.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47240);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2009-4029");
      script_bugtraq_id(37378);
      script_xref(name:"FEDORA", value:"2010-1216");
    
      script_name(english:"Fedora 11 : automake-1.11.1-1.fc11.1 (2010-1216)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes CVE-2009-4029
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=542609"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034542.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?26430f7e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected automake package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:automake");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC11", reference:"automake-1.11.1-1.fc11.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "automake");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2010-0321.NASL
    description: Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029) Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code. All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46289
    published: 2010-05-11
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/46289
    title: RHEL 5 : automake (RHSA-2010:0321)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-1148.NASL
    description:
      - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.6.3-18.1
        - fix CVE-2009-4029
      - Fri Jul 31 2009 Karsten Hopp <karsten at redhat.com> 1.6.3-18
        - rebuild
      - Thu Jul 30 2009 Karsten Hopp <karsten at redhat.com> 1.6.3-17
        - fix build problem
      - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.3-16
        - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47235
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47235
    title: Fedora 11 : automake16-1.6.3-18.fc11.1 (2010-1148)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-13157.NASL
    description:
      - Wed Dec 9 2009 Karsten Hopp <karsten at redhat.com> 1.11.1-1
        - update to version 1.11.1 to fix CVE-2009-4029
      - Tue Dec 1 2009 Karsten Hopp <karsten at redhat.com> 1.11-6
        - preserve time stamps of man pages (#225302)
        - drop MIT from list of licenses
      - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> - 1.11-5
        - add even more testsuite build requires
      - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> - 1.11-4
        - add build requires for testsuite
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44879
    published: 2010-02-25
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44879
    title: Fedora 12 : automake-1.11.1-1.fc12 (2009-13157)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-203.NASL
    description: A vulnerability was discovered and corrected in automake: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete (CVE-2009-4029). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49973
    published: 2010-10-14
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49973
    title: Mandriva Linux Security Advisory : automake (MDVSA-2010:203)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-3591.NASL
    description:
      - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.4p6-20
        - add fix for CVE-2009-4029
      - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4p6-19
        - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47321
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47321
    title: Fedora 11 : automake14-1.4p6-20.fc11 (2010-3591)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201310-15.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201310-15 (GNU Automake: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details. Impact: A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70650
    published: 2013-10-27
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/70650
    title: GLSA-201310-15 : GNU Automake: Multiple vulnerabilities
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20100330_AUTOMAKE_ON_SL5_X.NASL
    description: Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029) Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60761
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60761
    title: Scientific Linux Security Update : automake on SL5.x i386/x86_64
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-3520.NASL
    description:
      - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.6.3-18.1
        - fix CVE-2009-4029
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47315
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47315
    title: Fedora 12 : automake16-1.6.3-18.fc12.1 (2010-3520)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_AUTOMAKE-130812.NASL
    description: This update of automake fixes a race condition in
    last seen: 2020-06-05
    modified: 2013-08-14
    plugin id: 69345
    published: 2013-08-14
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69345
    title: SuSE 11.2 / 11.3 Security Update : automake (SAT Patch Numbers 8196 / 8197)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201412-08.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010). Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact: A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround: There are no known workarounds at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79961
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79961
    title: GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-3563.NASL
    description:
      - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.5-29.1
        - update CVE-2009-4029 patch
      - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-29
        - add disttag
      - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-28
        - add fix for CVE-2009-4029
        - add buildrequirement flex
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47317
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47317
    title: Fedora 12 : automake15-1.5-29.fc12.1 (2010-3563)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-3569.NASL
    description:
      - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.7.9-13.1
        - fix CVE-2009-4029
      - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.9-13
        - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47318
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47318
    title: Fedora 11 : automake17-1.7.9-13.fc11.1 (2010-3569)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-3573.NASL
    description:
      - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.7.9-13.1
        - fix CVE-2009-4029
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47319
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47319
    title: Fedora 12 : automake17-1.7.9-13.fc12.1 (2010-3573)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-1174.NASL
    description:
      - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.5-29.1
        - update CVE-2009-4029 patch
      - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-29
        - add disttag
      - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-28
        - add fix for CVE-2009-4029
        - add buildrequirement flex
      - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5-27
        - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47238
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47238
    title: Fedora 11 : automake15-1.5-29.fc11.1 (2010-1174)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-1718.NASL
    description:
      - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.4p6-20
        - add fix for CVE-2009-4029
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47265
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47265
    title: Fedora 12 : automake14-1.4p6-20.fc12 (2010-1718)

Oval

accepted: 2013-04-29T04:15:28.467-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
family: unix
id: oval:org.mitre.oval:def:11717
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
version: 19

Redhat

advisories:
bugzilla:
id: 542609
title: based directory hierarchy
oval:
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment: automake14 is earlier than 0:1.4p6-13.el5.1
          oval: oval:com.redhat.rhsa:tst:20100321001
        • comment: automake14 is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20100321002
      • AND
        • comment: automake15 is earlier than 0:1.5-16.el5.2
          oval: oval:com.redhat.rhsa:tst:20100321003
        • comment: automake15 is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20100321004
      • AND
        • comment: automake16 is earlier than 0:1.6.3-8.el5.1
          oval: oval:com.redhat.rhsa:tst:20100321005
        • comment: automake16 is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20100321006
      • AND
        • comment: automake17 is earlier than 0:1.7.9-7.el5.2
          oval: oval:com.redhat.rhsa:tst:20100321007
        • comment: automake17 is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20100321008
      • AND
        • comment: automake is earlier than 0:1.9.6-2.3.el5
          oval: oval:com.redhat.rhsa:tst:20100321009
        • comment: automake is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20100321010
rhsa:
id: RHSA-2010:0321
released: 2010-03-29
severity: Low
title: RHSA-2010:0321: automake security update (Low)
rpms:
  • automake-0:1.9.6-2.3.el5
  • automake14-0:1.4p6-13.el5.1
  • automake15-0:1.5-16.el5.2
  • automake16-0:1.6.3-8.el5.1
  • automake17-0:1.7.9-7.el5.2

Statements

contributor: Mark Cox
lastmodified: 2010-03-31
organization: Red Hat
statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029 This issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html The Red Hat Security Response Team has rated this issue as having low security impact, there's no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.