automake-1.9.6-2.3.AXS3
エラータID: AXSA:2010-175:01
リリース日:
2010/04/08 Thursday - 14:57
題名:
automake-1.9.6-2.3.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Automake を用いて tarball を作成する場合、GNU Automake の dist あるいは distcheck ルールがビルドツリーのディレクトリに安全ではないパーミッション (777) を割り当て、競合状態をもたらすことで、ローカルユーザがパッケージのファイルの内容を修正すること
ができるようになったり、トロイの木馬を持ち込んだり、ビルドが終了する前に他の攻撃が可能になる脆弱性があります。(CVE-2009-4029)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-4029
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
追加情報:
N/A
ダウンロード:
SRPMS
- automake-1.9.6-2.3.AXS3.src.rpm
MD5: 505019d203d9aff11b28a073ba966949
SHA-256: ccc0da91437a116b9a9283211c4bdd329c983f8c7a9785a5b8573c116e6772c2
Size: 763.67 kB - automake14-1.4p6-13.AXS3.1.src.rpm
MD5: be5ca9a893317928e6f4e480c3187e5d
SHA-256: 74659b75927352054393cced076ae5d0e3823aae0ca8014784135b6cf76d16f6
Size: 378.63 kB - automake15-1.5-16.AXS3.2.src.rpm
MD5: 10aa178724257a640567fce32be163a0
SHA-256: 345b63bc20872d0e091223f3c0e875a5d7f2e489fa70e27e4d9026e1a28efeea
Size: 425.29 kB - automake16-1.6.3-8.AXS3.1.src.rpm
MD5: 0fc87a82de91467b5e3c869c0bc45a0f
SHA-256: 0879a23836ec644494be80e3a19bd86658fe556ed87f4161493f647017cd0edd
Size: 476.66 kB - automake17-1.7.9-7.AXS3.2.src.rpm
MD5: dcd20ba085863f5d971caac05a902c51
SHA-256: a85b33b0243689a15c957d966513e56496747c30c782d0ba701c81fff10a9957
Size: 576.01 kB
Asianux Server 3 for x86
- automake-1.9.6-2.3.AXS3.noarch.rpm
MD5: fb4059c714b7add2641744e6e1a2a44d
SHA-256: f6aead70fabf22c08f65054ebf2da604dbf60f817510ab97c2ddbe84e3e165ab
Size: 479.38 kB - automake14-1.4p6-13.AXS3.1.noarch.rpm
MD5: f8ec47a847c5ea090cd9b35765c79511
SHA-256: e63ea69340c133a88fde717520fb9dd5b830eb792d8f4262c7e417623b75e998
Size: 202.18 kB - automake15-1.5-16.AXS3.2.noarch.rpm
MD5: 1e95649f70f1645df7e3e6841562382c
SHA-256: b13690417ca65d87ef6135175e7c1a2705d38abd9020008d27d544871f5d7865
Size: 232.73 kB - automake16-1.6.3-8.AXS3.1.noarch.rpm
MD5: b81dfe0d1743fa85e03f0f682b3e77ff
SHA-256: 94bbded4733fc657365aea841cfc0c4085c5b330d907059bea5bdcd5080b77dd
Size: 243.23 kB - automake17-1.7.9-7.AXS3.2.noarch.rpm
MD5: d3de5907097f9fda9fe7448088e45c11
SHA-256: 3d86d0d40bee4ae90e0ff358a04e078dd20deea7b2416eb95f504382a0fd9f1a
Size: 280.40 kB
Asianux Server 3 for x86_64
- automake-1.9.6-2.3.AXS3.noarch.rpm
MD5: d0988dfe30d570c3fd34933ba7b31ce6
SHA-256: a45a102c0f8edbe0c7269f8cd7d15348c079d75e4682163cc72e83f527d8a989
Size: 479.36 kB - automake14-1.4p6-13.AXS3.1.noarch.rpm
MD5: fd45813acfae0eb7e3682931de484842
SHA-256: 0d1040026de2aa7ed602c86b132a9dedebc91c3a70ef86a096004bebdd789f48
Size: 202.13 kB - automake15-1.5-16.AXS3.2.noarch.rpm
MD5: ce9d49b1d061b28629caa9d57d6b0d73
SHA-256: 703f921b93171c1f13b55c0091a980a3362d9cef603f40c8be8d50a5bd98e395
Size: 232.66 kB - automake16-1.6.3-8.AXS3.1.noarch.rpm
MD5: b6f65315d101d3885de26e90ace017e1
SHA-256: edf163a7a5d77a0033b66296fb73658b10fff3d4df0c035f79182113e137ccba
Size: 243.21 kB - automake17-1.7.9-7.AXS3.2.noarch.rpm
MD5: 65d6475659ea947b4f9938a808f621ca
SHA-256: e2b795731247ccc061e1877964a887e4c423f571264b370289f7684f74c0b2d6
Size: 280.37 kB