LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware > Slackware - Installation
User Name
Password
Slackware - Installation This forum is for the discussion of installation issues with Slackware.

Notices

Reply
 
Search this Thread
Old 09-03-2013, 12:22 PM   #1
hpfeil
Member
 
Registered: Nov 2010
Location: Tucson, Arizona US
Distribution: Slackware Current, custom kernel, amd64, Beyond LinuxFromScratch
Posts: 130
Blog Entries: 1

Rep: Reputation: Disabled
gnu automake security alert CVE-2012-3386


Not sure if this is the correct place to put such notices, but the chaps over at GNU posted some sort of security fix for automake:

"Please note that Automake 1.12.2 and Automake 1.11.6 fix a security issue (CVE-2012-3386)..." https://lists.gnu.org/archive/html/a.../msg00023.html

Further explanation: https://lists.gnu.org/archive/html/a.../msg00023.html
"It is important to stress that this vulnerability impacts not only the Automake package itself, but all packages with Automake-generated makefiles. For an effective fix it is necessary to regenerate the Makefile.in files with a fixed Automake version.

The most recent version of automake I could find in current at mirrors.slackware.com is 1.11.5 from 24Jun2012. I figure the distcheck issues is no big deal, which is why we didn't upgrade to 1.11.6? Only folks that use it are those who compile packages from source code, which is probably on a box immune to such nonsense.

"GNU Automake 1.12.2 as well as 1.11.6 fix a locally-exploitable security-related race condition that affects "make distcheck" for all packages that use Automake."

I only mention it because I came across a deprecated form of autoconf.ac that needs an autoupdate massage.
 
Old 09-14-2013, 07:06 PM   #2
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 755

Rep: Reputation: 227Reputation: 227Reputation: 227
In all my years of using Linux and compiling various packages from source I can not say I have ever invoked "make distcheck"

Checking out the docs for it and it looks like the only people who would ever use this are the developers of various programs themselves to ensure that their resulting source tarball behaves itself.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices when a cve alert is issued for software on your machine YankeePride13 Linux - Server 2 08-14-2013 03:54 PM
Broken CVE links in latest security updates? FeyFre Slackware 2 03-27-2013 04:18 PM
LXer: Chakra GNU/Linux 2012.09 Has KDE 4.9.1 LXer Syndicated Linux News 0 09-10-2012 07:20 AM
LXer: Chakra GNU/Linux 2012.04 Has KDE SC 4.8.2 LXer Syndicated Linux News 0 04-17-2012 02:30 PM
LXer: Chakra GNU/Linux 2012.02 Has KDE SC 4.8 LXer Syndicated Linux News 0 02-12-2012 08:31 PM


All times are GMT -5. The time now is 06:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration