[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
From: |
Stefano Lattarini |
Subject: |
GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!) |
Date: |
Mon, 09 Jul 2012 18:14:03 +0200 |
This message announces the Automake 1.11.6 bug-fixing release.
This release FIXES A SECURITY VULNERABILITY (CVE-2012-3386), so you are
strongly encouraged to upgrade your existing Automake installation ASAP.
With this release, the recipe of the 'distcheck' target no longer grants
temporary world-wide write permissions on the extracted distdir. Even if
such rights were only granted for a vanishingly small time window, the
implied race condition proved to be enough to allow a local attacker to
run arbitrary code with the privileges of the user running "make distcheck".
The fix of this security vulnerability is the only change between the
earlier 1.11.5 release and the present 1.11.6 one.
Download the fixed release here:
ftp://ftp.gnu.org/gnu/automake/automake-1.11.6.tar.gz
ftp://ftp.gnu.org/gnu/automake/automake-1.11.6.tar.xz
Please report bugs and problems to <address@hidden>, and send
general comments and feedback to <address@hidden>.
Thanks to everyone who has reported problems, contributed patches,
and helped testing Automake!