Gentoo Logo

GNU Automake: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201310-15 / automake
Release Date October 25, 2013
Latest Revision October 25, 2013: 1
Impact normal
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
sys-devel/automake < 1.11.6 >= 1.11.6 All supported architectures

Related bugreports: #295357, #426336


Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build.

2.  Impact Information


GNU Automake is a tool for automatically generating files compliant with the GNU Coding Standards.


Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details.


A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build.

3.  Resolution Information


There is no known workaround at this time.


All Automake users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6"

4.  References


Page updated October 25, 2013

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.