GNU Automake: Multiple vulnerabilities Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build. automake October 25, 2013 October 25, 2013: 1 295357 426336 local 1.11.6 1.11.6

GNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details.

A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build.

There is no known workaround at this time.

All Automake users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/automake-1.11.6"
CVE-2009-4029 CVE-2012-3386 underling phajdan.jr