Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-3386 (GCVE-0-2012-3386)
Vulnerability from cvelistv5 – Published: 2012-08-07 21:00 – Updated: 2024-08-06 20:05
VLAI?
EPSS
Summary
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2012-14770",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"name": "MDVSA-2012:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"name": "openSUSE-SU-2012:1519",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"name": "FEDORA-2012-14349",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"name": "RHSA-2013:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"name": "FEDORA-2012-14297",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-19T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2012-14770",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"name": "MDVSA-2012:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"name": "openSUSE-SU-2012:1519",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"name": "FEDORA-2012-14349",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"name": "RHSA-2013:0526",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"name": "FEDORA-2012-14297",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3386",
"datePublished": "2012-08-07T21:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.11.5\", \"matchCriteriaId\": \"BF1142BF-7EE4-4937-A928-86057C853BB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825E1F9E-0DFB-47BF-8D28-52B6804C199A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41C63958-FF26-4223-8EF5-1E2CEFD9DBC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"499D5653-552E-44EE-8183-FD5D05BF8F35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE71E960-691A-4816-A04D-A8D1F3CDA2CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"620AE4A6-8801-4E2E-BC16-4CA0A128EAD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BB76EC2-1F74-4BB2-B1B5-F3416CDC345B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E969575-F171-42B7-B02D-CD494D9F9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"6396CC6D-2290-4D98-90FD-498EFDAC690B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"8227C2EC-7C6B-4C91-86FE-FD4892C0D855\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"377CA093-EE7B-4F14-A9D0-62E678EE787E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A8CECA9-BDE4-4E0D-9D1A-3A8B705736CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37F4CA27-ECDF-4F2B-889B-954C1539DB8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A883A1BE-D2F9-43F6-9779-163762DC0BDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"098E2153-D183-4603-AB8E-A424E321CB3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2C958A3-01F2-45A6-8F0B-74BE794E06CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6454F4F7-507E-4539-B566-39E5ABD9F3B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C19F15E-FBBC-4DEB-9438-DCF5FB9CD366\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E466BA9-460D-4B7E-BD10-9CD072DE8846\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9ECA16B-1AD3-4199-9D01-018DBDA0AD63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6667859B-7297-4BB1-97DB-195037EB71C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C42854C-5241-43A8-9E27-0701CE97BB94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"855F7E05-B617-4046-B6E4-7894CD237654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD6A46DF-3A7F-40EA-B2D6-BBDB8CEF2744\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26C09EE5-460F-4169-A372-878E77120204\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5205CF45-634B-4994-8CB1-C70B87FFC7D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AFB9079-79EA-4DC3-9C86-72D90788AB35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B2ABAC0-D633-43B6-9BA2-E346E8D2BAAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A579BF1E-0ECE-4D1F-8849-359626B9F250\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FAE2575-4611-481E-AA37-549B2F528864\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F29368AC-C9BA-451B-90DA-CCE8AB291946\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81FB30CC-D96B-443A-B1B5-61F207F80B04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FF64364-4A8B-4155-9FDA-E4AF655EA826\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E529FDE-1475-4F83-AD75-795AA2CFCE48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAA3D112-97D4-4605-AAD9-ACD8C1901332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E44D4B2-F8E6-4D2E-800D-2101C1832261\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7565230F-80E8-49F2-BFC9-F33B690AC78D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52DA2099-218B-4588-B381-539307426AB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"032119F6-768D-42BF-A4B8-2059BFA3AAD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45D17CFC-3C6D-4EC1-9FED-2C158AC517C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DD32447-BADF-4E6B-8745-75202A3AF83B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7348FBF0-AD00-4236-9CA0-BA01FD153629\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06107483-9738-4C1A-A706-3DE7D9F04E7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A91930-6A6C-4B56-99DF-8A06F270AEC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CE405EB-E067-464D-86AE-6F0C56C7250E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6C72AC-9EDB-4BB4-8C7F-BA1F886939EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDD57193-65DC-4AFC-96C0-725AC176E7F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C64F490F-2837-4A97-BA1E-6E796B8B4F27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CE494CF-6DD2-451E-B9F4-A102B06B9183\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The \\\"make distcheck\\\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"La regla \\\"make distcheck\\\" en GNU Automake anterior a v1.11.6 y v1.12.x anterior a v1.12.2 asigna permisos world-writable al directorio de extracci\\u00f3n, lo que produce una vulnerabilidad de condici\\u00f3n de carrera que permite a usuarios locales ejecutar c\\u00f3digo a trav\\u00e9s de vectores no determinados.\"}]",
"id": "CVE-2012-3386",
"lastModified": "2024-11-21T01:40:45.690",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-08-07T21:55:01.420",
"references": "[{\"url\": \"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0526.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0526.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}, {\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-3386\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-08-07T21:55:01.420\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The \\\"make distcheck\\\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"La regla \\\"make distcheck\\\" en GNU Automake anterior a v1.11.6 y v1.12.x anterior a v1.12.2 asigna permisos world-writable al directorio de extracci\u00f3n, lo que produce una vulnerabilidad de condici\u00f3n de carrera que permite a usuarios locales ejecutar c\u00f3digo a trav\u00e9s de vectores no determinados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"},{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.5\",\"matchCriteriaId\":\"BF1142BF-7EE4-4937-A928-86057C853BB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825E1F9E-0DFB-47BF-8D28-52B6804C199A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41C63958-FF26-4223-8EF5-1E2CEFD9DBC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"499D5653-552E-44EE-8183-FD5D05BF8F35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE71E960-691A-4816-A04D-A8D1F3CDA2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"620AE4A6-8801-4E2E-BC16-4CA0A128EAD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BB76EC2-1F74-4BB2-B1B5-F3416CDC345B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E969575-F171-42B7-B02D-CD494D9F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6396CC6D-2290-4D98-90FD-498EFDAC690B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8227C2EC-7C6B-4C91-86FE-FD4892C0D855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"377CA093-EE7B-4F14-A9D0-62E678EE787E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A8CECA9-BDE4-4E0D-9D1A-3A8B705736CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37F4CA27-ECDF-4F2B-889B-954C1539DB8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A883A1BE-D2F9-43F6-9779-163762DC0BDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"098E2153-D183-4603-AB8E-A424E321CB3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2C958A3-01F2-45A6-8F0B-74BE794E06CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6454F4F7-507E-4539-B566-39E5ABD9F3B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C19F15E-FBBC-4DEB-9438-DCF5FB9CD366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E466BA9-460D-4B7E-BD10-9CD072DE8846\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9ECA16B-1AD3-4199-9D01-018DBDA0AD63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6667859B-7297-4BB1-97DB-195037EB71C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C42854C-5241-43A8-9E27-0701CE97BB94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"855F7E05-B617-4046-B6E4-7894CD237654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD6A46DF-3A7F-40EA-B2D6-BBDB8CEF2744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26C09EE5-460F-4169-A372-878E77120204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5205CF45-634B-4994-8CB1-C70B87FFC7D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AFB9079-79EA-4DC3-9C86-72D90788AB35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B2ABAC0-D633-43B6-9BA2-E346E8D2BAAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A579BF1E-0ECE-4D1F-8849-359626B9F250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FAE2575-4611-481E-AA37-549B2F528864\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F29368AC-C9BA-451B-90DA-CCE8AB291946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FB30CC-D96B-443A-B1B5-61F207F80B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FF64364-4A8B-4155-9FDA-E4AF655EA826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E529FDE-1475-4F83-AD75-795AA2CFCE48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAA3D112-97D4-4605-AAD9-ACD8C1901332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E44D4B2-F8E6-4D2E-800D-2101C1832261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7565230F-80E8-49F2-BFC9-F33B690AC78D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52DA2099-218B-4588-B381-539307426AB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"032119F6-768D-42BF-A4B8-2059BFA3AAD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D17CFC-3C6D-4EC1-9FED-2C158AC517C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DD32447-BADF-4E6B-8745-75202A3AF83B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7348FBF0-AD00-4236-9CA0-BA01FD153629\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06107483-9738-4C1A-A706-3DE7D9F04E7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A91930-6A6C-4B56-99DF-8A06F270AEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CE405EB-E067-464D-86AE-6F0C56C7250E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6C72AC-9EDB-4BB4-8C7F-BA1F886939EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDD57193-65DC-4AFC-96C0-725AC176E7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C64F490F-2837-4A97-BA1E-6E796B8B4F27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CE494CF-6DD2-451E-B9F4-A102B06B9183\"}]}]}],\"references\":[{\"url\":\"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0526.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0526.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
}
}
CERTA-2012-AVI-386
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans libpng. Elle est due à une mauvaise gestion des permissions durant la compilation par la commande « make ».
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 libpng 1.0.60.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 libpng 1.4.12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 libpng 1.5.12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 libpng 1.2.50 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3386",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3386"
}
],
"links": [],
"reference": "CERTA-2012-AVI-386",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003elibpng\u003c/span\u003e. Elle est due \u00e0 une mauvaise gestion des\npermissions durant la compilation par la commande \u00ab make \u00bb.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Libpng",
"vendor_advisories": [
{
"published_at": null,
"title": "Site Internet de libpng",
"url": "http://www.libpng.org/pub/png/libpng.html"
}
]
}
CERTA-2012-AVI-386
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans libpng. Elle est due à une mauvaise gestion des permissions durant la compilation par la commande « make ».
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 libpng 1.0.60.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 libpng 1.4.12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 libpng 1.5.12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 libpng 1.2.50 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3386",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3386"
}
],
"links": [],
"reference": "CERTA-2012-AVI-386",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003elibpng\u003c/span\u003e. Elle est due \u00e0 une mauvaise gestion des\npermissions durant la compilation par la commande \u00ab make \u00bb.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Libpng",
"vendor_advisories": [
{
"published_at": null,
"title": "Site Internet de libpng",
"url": "http://www.libpng.org/pub/png/libpng.html"
}
]
}
OPENSUSE-SU-2022:10031-1
Vulnerability from csaf_opensuse - Published: 2022-06-25 18:01 - Updated: 2022-06-25 18:01Summary
Security update for wdiff
Notes
Title of the patch
Security update for wdiff
Description of the patch
This update for wdiff fixes the following issues:
This update ships wdiff.
Updated to 1.2.2:
* Updated Vietnamese, Swedish, Estonian, Chinese (traditional),
Brazilian Portuguese and Russian translations.
* Updated gnulib.
* Used more recent autotools: autoconf 2.69 and automake 1.14.1.
updated to 1.2.1:
* Added Esperanto translation.
* Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch,
Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese
translations.
* Updated gnulib.
* Recreated build system using recent versions of autotools.
This will avoid security issues in 'make distcheck' target.
(CVE-2012-3386)
updated to 1.1.2:
* Backport gnulib change to deal with removal of gets function.
This is a build-time-only fix. (Mentioned in Fedora bug #821791)
* Added Serbian translation.
* Updated Danish and Vietnamese translations.
* Work around a bug in the formatting of the man page.
(Debian bug #669340)
* Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian,
Swedish and Ukrainian translations.
* Fix several issue with the use of screen in the test suite.
* Allow WDIFF_PAGER to override PAGER environment variable.
* Do not autodetect less, so we don't auto-enable less-mode.
This should improve things for UTF8 text. (Savannah bug #34224)
Less-mode is considered deprecated, as it isn't fit for multi-byte
encodings. Nevertheless it can still be enabled on the command line.
* Introduces use of ngettext to allow correct handling of plural forms
updated to 1.0.1:
* Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and
Czech translations
* Changed major version to 1 to reflect maturity of the package
* Updated Dutch, French, Danish and Slovenian translations
* Added Ukrainian translation
* Improved error reporting in case a child process has problems
* Added tests to the test suite
* Updated gnulib
updated to 0.6.5:
* Never initialize or deinitialize terminals, as we do no cursor
movement
* Deprecated --no-init-term (-K) command line option
* Avoid relative path in man pages
* Updated gnulib, might be particularly important for uClibc
users
updated to 0.6.4:
* Updated Catalan translations
* Updated gnulib
update to 0.6.3:
* `wdiff -d' to read input from single unified diff, perhaps stdin.
* Updated texinfo documentation taking experimental switch into account.
* Experimental programs (mdiff & friends) and a configure switch
--enable-experimental to control them.
* Recent imports from gnulib, use of recent autotools.
* Improved autodetection of termcap library like ncurses.
* Reformatted translations, still a number of fuzzy translations.
* Changed from CVS to bzr for source code version control.
* Various bug fixes. See ChangeLog for a more exhaustive list.
* Introduce --with-default-pager=PAGER configure switch.
* Fix missing newline in info dir entry list.
* Fix shell syntax in configure script
* Updated gnulib and gettext, the latter to 0.18
* Updated Dutch translation
* Fixed a number of portability issues reported by maint.mk syntax checks
* Updated Italian and Swedish translations
* Updated gnulib
Patchnames
openSUSE-2022-10031
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wdiff",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wdiff fixes the following issues:\n\nThis update ships wdiff.\n\nUpdated to 1.2.2:\n\n * Updated Vietnamese, Swedish, Estonian, Chinese (traditional),\n Brazilian Portuguese and Russian translations.\n * Updated gnulib.\n * Used more recent autotools: autoconf 2.69 and automake 1.14.1.\n\nupdated to 1.2.1:\n\n * Added Esperanto translation.\n * Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch,\n Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese\n translations.\n * Updated gnulib.\n * Recreated build system using recent versions of autotools.\n This will avoid security issues in \u0027make distcheck\u0027 target.\n (CVE-2012-3386)\n\nupdated to 1.1.2:\n\n * Backport gnulib change to deal with removal of gets function.\n This is a build-time-only fix. (Mentioned in Fedora bug #821791)\n * Added Serbian translation.\n * Updated Danish and Vietnamese translations.\n * Work around a bug in the formatting of the man page.\n (Debian bug #669340)\n * Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian,\n Swedish and Ukrainian translations.\n * Fix several issue with the use of screen in the test suite.\n * Allow WDIFF_PAGER to override PAGER environment variable.\n * Do not autodetect less, so we don\u0027t auto-enable less-mode.\n This should improve things for UTF8 text. (Savannah bug #34224)\n Less-mode is considered deprecated, as it isn\u0027t fit for multi-byte\n encodings. Nevertheless it can still be enabled on the command line.\n * Introduces use of ngettext to allow correct handling of plural forms\n\nupdated to 1.0.1:\n\n * Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and\n Czech translations\n * Changed major version to 1 to reflect maturity of the package\n * Updated Dutch, French, Danish and Slovenian translations\n * Added Ukrainian translation\n * Improved error reporting in case a child process has problems\n * Added tests to the test suite\n * Updated gnulib\n\nupdated to 0.6.5:\n\n * Never initialize or deinitialize terminals, as we do no cursor \n movement\n * Deprecated --no-init-term (-K) command line option\n * Avoid relative path in man pages\n * Updated gnulib, might be particularly important for uClibc \n users\n\nupdated to 0.6.4:\n\n * Updated Catalan translations\n * Updated gnulib\n\nupdate to 0.6.3:\n\n * `wdiff -d\u0027 to read input from single unified diff, perhaps stdin.\n * Updated texinfo documentation taking experimental switch into account.\n * Experimental programs (mdiff \u0026 friends) and a configure switch\n --enable-experimental to control them.\n * Recent imports from gnulib, use of recent autotools.\n * Improved autodetection of termcap library like ncurses.\n * Reformatted translations, still a number of fuzzy translations.\n * Changed from CVS to bzr for source code version control.\n * Various bug fixes. See ChangeLog for a more exhaustive list.\n * Introduce --with-default-pager=PAGER configure switch.\n * Fix missing newline in info dir entry list.\n * Fix shell syntax in configure script\n * Updated gnulib and gettext, the latter to 0.18\n * Updated Dutch translation\n * Fixed a number of portability issues reported by maint.mk syntax checks\n * Updated Italian and Swedish translations\n * Updated gnulib\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10031",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10031-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10031-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHVSBRLGJ5C5MYYVH2AXVEQBTRVMVFRD/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10031-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHVSBRLGJ5C5MYYVH2AXVEQBTRVMVFRD/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3386 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3386/"
}
],
"title": "Security update for wdiff",
"tracking": {
"current_release_date": "2022-06-25T18:01:15Z",
"generator": {
"date": "2022-06-25T18:01:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10031-1",
"initial_release_date": "2022-06-25T18:01:15Z",
"revision_history": [
{
"date": "2022-06-25T18:01:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "wdiff-1.2.2-bp154.2.1.aarch64",
"product": {
"name": "wdiff-1.2.2-bp154.2.1.aarch64",
"product_id": "wdiff-1.2.2-bp154.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "wdiff-1.2.2-bp154.2.1.i586",
"product": {
"name": "wdiff-1.2.2-bp154.2.1.i586",
"product_id": "wdiff-1.2.2-bp154.2.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "wdiff-lang-1.2.2-bp154.2.1.noarch",
"product": {
"name": "wdiff-lang-1.2.2-bp154.2.1.noarch",
"product_id": "wdiff-lang-1.2.2-bp154.2.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "wdiff-1.2.2-bp154.2.1.ppc64le",
"product": {
"name": "wdiff-1.2.2-bp154.2.1.ppc64le",
"product_id": "wdiff-1.2.2-bp154.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "wdiff-1.2.2-bp154.2.1.s390x",
"product": {
"name": "wdiff-1.2.2-bp154.2.1.s390x",
"product_id": "wdiff-1.2.2-bp154.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "wdiff-1.2.2-bp154.2.1.x86_64",
"product": {
"name": "wdiff-1.2.2-bp154.2.1.x86_64",
"product_id": "wdiff-1.2.2-bp154.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP4",
"product": {
"name": "SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.aarch64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.aarch64"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.i586 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.i586"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.ppc64le as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.ppc64le"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.s390x as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.s390x"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.x86_64"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-lang-1.2.2-bp154.2.1.noarch as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:wdiff-lang-1.2.2-bp154.2.1.noarch"
},
"product_reference": "wdiff-lang-1.2.2-bp154.2.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.aarch64"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.i586 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.i586"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.ppc64le"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.s390x"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-bp154.2.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.x86_64"
},
"product_reference": "wdiff-1.2.2-bp154.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-lang-1.2.2-bp154.2.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:wdiff-lang-1.2.2-bp154.2.1.noarch"
},
"product_reference": "wdiff-lang-1.2.2-bp154.2.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3386"
}
],
"notes": [
{
"category": "general",
"text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.aarch64",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.i586",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.ppc64le",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.s390x",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.x86_64",
"SUSE Package Hub 15 SP4:wdiff-lang-1.2.2-bp154.2.1.noarch",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.aarch64",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.i586",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.ppc64le",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.s390x",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.x86_64",
"openSUSE Leap 15.4:wdiff-lang-1.2.2-bp154.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3386",
"url": "https://www.suse.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.aarch64",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.i586",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.ppc64le",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.s390x",
"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.x86_64",
"SUSE Package Hub 15 SP4:wdiff-lang-1.2.2-bp154.2.1.noarch",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.aarch64",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.i586",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.ppc64le",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.s390x",
"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.x86_64",
"openSUSE Leap 15.4:wdiff-lang-1.2.2-bp154.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-25T18:01:15Z",
"details": "moderate"
}
],
"title": "CVE-2012-3386"
}
]
}
OPENSUSE-SU-2024:10293-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
cppi-1.18-2.4 on GA media
Notes
Title of the patch
cppi-1.18-2.4 on GA media
Description of the patch
These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10293
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cppi-1.18-2.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10293",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10293-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4029 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3386 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3386/"
}
],
"title": "cppi-1.18-2.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10293-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.aarch64",
"product": {
"name": "cppi-1.18-2.4.aarch64",
"product_id": "cppi-1.18-2.4.aarch64"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.aarch64",
"product": {
"name": "cppi-lang-1.18-2.4.aarch64",
"product_id": "cppi-lang-1.18-2.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.ppc64le",
"product": {
"name": "cppi-1.18-2.4.ppc64le",
"product_id": "cppi-1.18-2.4.ppc64le"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.ppc64le",
"product": {
"name": "cppi-lang-1.18-2.4.ppc64le",
"product_id": "cppi-lang-1.18-2.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.s390x",
"product": {
"name": "cppi-1.18-2.4.s390x",
"product_id": "cppi-1.18-2.4.s390x"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.s390x",
"product": {
"name": "cppi-lang-1.18-2.4.s390x",
"product_id": "cppi-lang-1.18-2.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.x86_64",
"product": {
"name": "cppi-1.18-2.4.x86_64",
"product_id": "cppi-1.18-2.4.x86_64"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.x86_64",
"product": {
"name": "cppi-lang-1.18-2.4.x86_64",
"product_id": "cppi-lang-1.18-2.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64"
},
"product_reference": "cppi-1.18-2.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le"
},
"product_reference": "cppi-1.18-2.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.s390x"
},
"product_reference": "cppi-1.18-2.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64"
},
"product_reference": "cppi-1.18-2.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64"
},
"product_reference": "cppi-lang-1.18-2.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le"
},
"product_reference": "cppi-lang-1.18-2.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x"
},
"product_reference": "cppi-lang-1.18-2.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
},
"product_reference": "cppi-lang-1.18-2.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4029"
}
],
"notes": [
{
"category": "general",
"text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4029",
"url": "https://www.suse.com/security/cve/CVE-2009-4029"
},
{
"category": "external",
"summary": "SUSE Bug 559815 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/559815"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-4029"
},
{
"cve": "CVE-2012-3386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3386"
}
],
"notes": [
{
"category": "general",
"text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3386",
"url": "https://www.suse.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-3386"
}
]
}
OPENSUSE-SU-2024:10576-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
gv-3.7.4-3.8 on GA media
Notes
Title of the patch
gv-3.7.4-3.8 on GA media
Description of the patch
These are all security issues fixed in the gv-3.7.4-3.8 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10576
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gv-3.7.4-3.8 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gv-3.7.4-3.8 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10576",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10576-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3386 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3386/"
}
],
"title": "gv-3.7.4-3.8 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10576-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gv-3.7.4-3.8.aarch64",
"product": {
"name": "gv-3.7.4-3.8.aarch64",
"product_id": "gv-3.7.4-3.8.aarch64"
}
},
{
"category": "product_version",
"name": "wdiff-1.2.2-5.5.aarch64",
"product": {
"name": "wdiff-1.2.2-5.5.aarch64",
"product_id": "wdiff-1.2.2-5.5.aarch64"
}
},
{
"category": "product_version",
"name": "wdiff-lang-1.2.2-5.5.aarch64",
"product": {
"name": "wdiff-lang-1.2.2-5.5.aarch64",
"product_id": "wdiff-lang-1.2.2-5.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gv-3.7.4-3.8.ppc64le",
"product": {
"name": "gv-3.7.4-3.8.ppc64le",
"product_id": "gv-3.7.4-3.8.ppc64le"
}
},
{
"category": "product_version",
"name": "wdiff-1.2.2-5.5.ppc64le",
"product": {
"name": "wdiff-1.2.2-5.5.ppc64le",
"product_id": "wdiff-1.2.2-5.5.ppc64le"
}
},
{
"category": "product_version",
"name": "wdiff-lang-1.2.2-5.5.ppc64le",
"product": {
"name": "wdiff-lang-1.2.2-5.5.ppc64le",
"product_id": "wdiff-lang-1.2.2-5.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gv-3.7.4-3.8.s390x",
"product": {
"name": "gv-3.7.4-3.8.s390x",
"product_id": "gv-3.7.4-3.8.s390x"
}
},
{
"category": "product_version",
"name": "wdiff-1.2.2-5.5.s390x",
"product": {
"name": "wdiff-1.2.2-5.5.s390x",
"product_id": "wdiff-1.2.2-5.5.s390x"
}
},
{
"category": "product_version",
"name": "wdiff-lang-1.2.2-5.5.s390x",
"product": {
"name": "wdiff-lang-1.2.2-5.5.s390x",
"product_id": "wdiff-lang-1.2.2-5.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gv-3.7.4-3.8.x86_64",
"product": {
"name": "gv-3.7.4-3.8.x86_64",
"product_id": "gv-3.7.4-3.8.x86_64"
}
},
{
"category": "product_version",
"name": "wdiff-1.2.2-5.5.x86_64",
"product": {
"name": "wdiff-1.2.2-5.5.x86_64",
"product_id": "wdiff-1.2.2-5.5.x86_64"
}
},
{
"category": "product_version",
"name": "wdiff-lang-1.2.2-5.5.x86_64",
"product": {
"name": "wdiff-lang-1.2.2-5.5.x86_64",
"product_id": "wdiff-lang-1.2.2-5.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gv-3.7.4-3.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gv-3.7.4-3.8.aarch64"
},
"product_reference": "gv-3.7.4-3.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gv-3.7.4-3.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gv-3.7.4-3.8.ppc64le"
},
"product_reference": "gv-3.7.4-3.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gv-3.7.4-3.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gv-3.7.4-3.8.s390x"
},
"product_reference": "gv-3.7.4-3.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gv-3.7.4-3.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gv-3.7.4-3.8.x86_64"
},
"product_reference": "gv-3.7.4-3.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-5.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-1.2.2-5.5.aarch64"
},
"product_reference": "wdiff-1.2.2-5.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-5.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-1.2.2-5.5.ppc64le"
},
"product_reference": "wdiff-1.2.2-5.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-5.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-1.2.2-5.5.s390x"
},
"product_reference": "wdiff-1.2.2-5.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-1.2.2-5.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-1.2.2-5.5.x86_64"
},
"product_reference": "wdiff-1.2.2-5.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-lang-1.2.2-5.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.aarch64"
},
"product_reference": "wdiff-lang-1.2.2-5.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-lang-1.2.2-5.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.ppc64le"
},
"product_reference": "wdiff-lang-1.2.2-5.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-lang-1.2.2-5.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.s390x"
},
"product_reference": "wdiff-lang-1.2.2-5.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wdiff-lang-1.2.2-5.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.x86_64"
},
"product_reference": "wdiff-lang-1.2.2-5.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3386"
}
],
"notes": [
{
"category": "general",
"text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gv-3.7.4-3.8.aarch64",
"openSUSE Tumbleweed:gv-3.7.4-3.8.ppc64le",
"openSUSE Tumbleweed:gv-3.7.4-3.8.s390x",
"openSUSE Tumbleweed:gv-3.7.4-3.8.x86_64",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.aarch64",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.ppc64le",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.s390x",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.x86_64",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.aarch64",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.ppc64le",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.s390x",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3386",
"url": "https://www.suse.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gv-3.7.4-3.8.aarch64",
"openSUSE Tumbleweed:gv-3.7.4-3.8.ppc64le",
"openSUSE Tumbleweed:gv-3.7.4-3.8.s390x",
"openSUSE Tumbleweed:gv-3.7.4-3.8.x86_64",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.aarch64",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.ppc64le",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.s390x",
"openSUSE Tumbleweed:wdiff-1.2.2-5.5.x86_64",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.aarch64",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.ppc64le",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.s390x",
"openSUSE Tumbleweed:wdiff-lang-1.2.2-5.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-3386"
}
]
}
OPENSUSE-SU-2024:10184-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libpng12-0-1.2.56-1.5 on GA media
Notes
Title of the patch
libpng12-0-1.2.56-1.5 on GA media
Description of the patch
These are all security issues fixed in the libpng12-0-1.2.56-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10184
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libpng12-0-1.2.56-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libpng12-0-1.2.56-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10184",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10184-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2010-1205 page",
"url": "https://www.suse.com/security/cve/CVE-2010-1205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-2501 page",
"url": "https://www.suse.com/security/cve/CVE-2011-2501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3026 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3045 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3048 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3386 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7353 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7354 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9495 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-0973 page",
"url": "https://www.suse.com/security/cve/CVE-2015-0973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8126 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8540 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8540/"
}
],
"title": "libpng12-0-1.2.56-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10184-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-0-1.2.56-1.5.aarch64",
"product_id": "libpng12-0-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.aarch64",
"product_id": "libpng12-0-32bit-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.aarch64",
"product_id": "libpng12-compat-devel-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-devel-1.2.56-1.5.aarch64",
"product_id": "libpng12-devel-1.2.56-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.aarch64",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.aarch64",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-0-1.2.56-1.5.ppc64le",
"product_id": "libpng12-0-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.ppc64le",
"product_id": "libpng12-0-32bit-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.ppc64le",
"product_id": "libpng12-compat-devel-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-devel-1.2.56-1.5.ppc64le",
"product_id": "libpng12-devel-1.2.56-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-0-1.2.56-1.5.s390x",
"product_id": "libpng12-0-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.s390x",
"product_id": "libpng12-0-32bit-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.s390x",
"product_id": "libpng12-compat-devel-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-devel-1.2.56-1.5.s390x",
"product_id": "libpng12-devel-1.2.56-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.s390x",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.s390x",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng12-0-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-0-1.2.56-1.5.x86_64",
"product_id": "libpng12-0-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-0-32bit-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-0-32bit-1.2.56-1.5.x86_64",
"product_id": "libpng12-0-32bit-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-compat-devel-1.2.56-1.5.x86_64",
"product_id": "libpng12-compat-devel-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"product_id": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-devel-1.2.56-1.5.x86_64",
"product_id": "libpng12-devel-1.2.56-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpng12-devel-32bit-1.2.56-1.5.x86_64",
"product": {
"name": "libpng12-devel-32bit-1.2.56-1.5.x86_64",
"product_id": "libpng12-devel-32bit-1.2.56-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-0-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-0-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-0-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-0-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-0-32bit-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-0-32bit-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-compat-devel-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-devel-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-devel-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-devel-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-devel-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng12-devel-32bit-1.2.56-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
},
"product_reference": "libpng12-devel-32bit-1.2.56-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-1205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2010-1205"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2010-1205",
"url": "https://www.suse.com/security/cve/CVE-2010-1205"
},
{
"category": "external",
"summary": "SUSE Bug 1188284 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/1188284"
},
{
"category": "external",
"summary": "SUSE Bug 617866 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/617866"
},
{
"category": "external",
"summary": "SUSE Bug 622506 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/622506"
},
{
"category": "external",
"summary": "SUSE Bug 639941 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/639941"
},
{
"category": "external",
"summary": "SUSE Bug 854395 for CVE-2010-1205",
"url": "https://bugzilla.suse.com/854395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2010-1205"
},
{
"cve": "CVE-2011-2501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-2501"
}
],
"notes": [
{
"category": "general",
"text": "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-2501",
"url": "https://www.suse.com/security/cve/CVE-2011-2501"
},
{
"category": "external",
"summary": "SUSE Bug 702578 for CVE-2011-2501",
"url": "https://bugzilla.suse.com/702578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-2501"
},
{
"cve": "CVE-2011-3026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3026"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3026",
"url": "https://www.suse.com/security/cve/CVE-2011-3026"
},
{
"category": "external",
"summary": "SUSE Bug 747311 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/747311"
},
{
"category": "external",
"summary": "SUSE Bug 747327 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/747327"
},
{
"category": "external",
"summary": "SUSE Bug 747328 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/747328"
},
{
"category": "external",
"summary": "SUSE Bug 773612 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/773612"
},
{
"category": "external",
"summary": "SUSE Bug 854395 for CVE-2011-3026",
"url": "https://bugzilla.suse.com/854395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-3026"
},
{
"cve": "CVE-2011-3045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3045"
}
],
"notes": [
{
"category": "general",
"text": "Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3045",
"url": "https://www.suse.com/security/cve/CVE-2011-3045"
},
{
"category": "external",
"summary": "SUSE Bug 752008 for CVE-2011-3045",
"url": "https://bugzilla.suse.com/752008"
},
{
"category": "external",
"summary": "SUSE Bug 754456 for CVE-2011-3045",
"url": "https://bugzilla.suse.com/754456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2011-3045"
},
{
"cve": "CVE-2011-3048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3048"
}
],
"notes": [
{
"category": "general",
"text": "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3048",
"url": "https://www.suse.com/security/cve/CVE-2011-3048"
},
{
"category": "external",
"summary": "SUSE Bug 754745 for CVE-2011-3048",
"url": "https://bugzilla.suse.com/754745"
},
{
"category": "external",
"summary": "SUSE Bug 854395 for CVE-2011-3048",
"url": "https://bugzilla.suse.com/854395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-3048"
},
{
"cve": "CVE-2012-3386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3386"
}
],
"notes": [
{
"category": "general",
"text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3386",
"url": "https://www.suse.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-3386"
},
{
"cve": "CVE-2013-7353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7353"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7353",
"url": "https://www.suse.com/security/cve/CVE-2013-7353"
},
{
"category": "external",
"summary": "SUSE Bug 873124 for CVE-2013-7353",
"url": "https://bugzilla.suse.com/873124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-7353"
},
{
"cve": "CVE-2013-7354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7354"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7354",
"url": "https://www.suse.com/security/cve/CVE-2013-7354"
},
{
"category": "external",
"summary": "SUSE Bug 873123 for CVE-2013-7354",
"url": "https://bugzilla.suse.com/873123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-7354"
},
{
"cve": "CVE-2014-9495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9495"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9495",
"url": "https://www.suse.com/security/cve/CVE-2014-9495"
},
{
"category": "external",
"summary": "SUSE Bug 912076 for CVE-2014-9495",
"url": "https://bugzilla.suse.com/912076"
},
{
"category": "external",
"summary": "SUSE Bug 912929 for CVE-2014-9495",
"url": "https://bugzilla.suse.com/912929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-9495"
},
{
"cve": "CVE-2015-0973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-0973"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-0973",
"url": "https://www.suse.com/security/cve/CVE-2015-0973"
},
{
"category": "external",
"summary": "SUSE Bug 912929 for CVE-2015-0973",
"url": "https://bugzilla.suse.com/912929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-0973"
},
{
"cve": "CVE-2015-8126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8126"
}
],
"notes": [
{
"category": "general",
"text": "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8126",
"url": "https://www.suse.com/security/cve/CVE-2015-8126"
},
{
"category": "external",
"summary": "SUSE Bug 954980 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/954980"
},
{
"category": "external",
"summary": "SUSE Bug 958198 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/958198"
},
{
"category": "external",
"summary": "SUSE Bug 960402 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/960402"
},
{
"category": "external",
"summary": "SUSE Bug 962743 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/962743"
},
{
"category": "external",
"summary": "SUSE Bug 963937 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/963937"
},
{
"category": "external",
"summary": "SUSE Bug 969333 for CVE-2015-8126",
"url": "https://bugzilla.suse.com/969333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-8126"
},
{
"cve": "CVE-2015-8540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8540"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8540",
"url": "https://www.suse.com/security/cve/CVE-2015-8540"
},
{
"category": "external",
"summary": "SUSE Bug 1149680 for CVE-2015-8540",
"url": "https://bugzilla.suse.com/1149680"
},
{
"category": "external",
"summary": "SUSE Bug 958791 for CVE-2015-8540",
"url": "https://bugzilla.suse.com/958791"
},
{
"category": "external",
"summary": "SUSE Bug 963937 for CVE-2015-8540",
"url": "https://bugzilla.suse.com/963937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-0-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-compat-devel-32bit-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-1.2.56-1.5.x86_64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.aarch64",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.ppc64le",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.s390x",
"openSUSE Tumbleweed:libpng12-devel-32bit-1.2.56-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-8540"
}
]
}
GHSA-MR65-R935-QJPJ
Vulnerability from github – Published: 2022-05-17 05:12 – Updated: 2022-05-17 05:12
VLAI?
Details
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2012-3386"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-07T21:55:00Z",
"severity": "MODERATE"
},
"details": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"id": "GHSA-mr65-r935-qjpj",
"modified": "2022-05-17T05:12:10Z",
"published": "2022-05-17T05:12:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2013:0526"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:1243"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2012-3386"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"type": "WEB",
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
}
],
"schema_version": "1.4.0",
"severity": []
}
RHSA-2014:1243
Vulnerability from csaf_redhat - Published: 2014-09-16 05:28 - Updated: 2025-11-21 17:49Summary
Red Hat Security Advisory: automake security update
Notes
Topic
An updated automake package that fixes one security issue is now available
for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)
Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.
All automake users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated automake package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nIt was found that the distcheck rule in Automake-generated Makefiles made a\ndirectory world-writable when preparing source archives. If a malicious,\nlocal user could access this directory, they could execute arbitrary code\nwith the privileges of the user running \"make distcheck\". (CVE-2012-3386)\n\nRed Hat would like to thank Jim Meyering for reporting this issue. Upstream\nacknowledges Stefano Lattarini as the original reporter.\n\nAll automake users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:1243",
"url": "https://access.redhat.com/errata/RHSA-2014:1243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1243.json"
}
],
"title": "Red Hat Security Advisory: automake security update",
"tracking": {
"current_release_date": "2025-11-21T17:49:56+00:00",
"generator": {
"date": "2025-11-21T17:49:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2014:1243",
"initial_release_date": "2014-09-16T05:28:47+00:00",
"revision_history": [
{
"date": "2014-09-16T05:28:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-09-16T05:28:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:49:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.9.6-3.el5.src",
"product": {
"name": "automake-0:1.9.6-3.el5.src",
"product_id": "automake-0:1.9.6-3.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-3.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.9.6-3.el5.noarch",
"product": {
"name": "automake-0:1.9.6-3.el5.noarch",
"product_id": "automake-0:1.9.6-3.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-3.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-3.el5.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-3.el5.src"
},
"product_reference": "automake-0:1.9.6-3.el5.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-3.el5.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-3.el5.src"
},
"product_reference": "automake-0:1.9.6-3.el5.src",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jim Meyering"
]
},
{
"names": [
"Stefano Lattarini"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3386",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2012-07-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "838286"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running \"make distcheck\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "automake: locally exploitable \"make distcheck\" bug",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:automake-0:1.9.6-3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-3.el5.src",
"5Server:automake-0:1.9.6-3.el5.noarch",
"5Server:automake-0:1.9.6-3.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "RHBZ#838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3386",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386"
}
],
"release_date": "2012-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-09-16T05:28:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Workstation:automake-0:1.9.6-3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-3.el5.src",
"5Server:automake-0:1.9.6-3.el5.noarch",
"5Server:automake-0:1.9.6-3.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:1243"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:automake-0:1.9.6-3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-3.el5.src",
"5Server:automake-0:1.9.6-3.el5.noarch",
"5Server:automake-0:1.9.6-3.el5.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "automake: locally exploitable \"make distcheck\" bug"
}
]
}
RHSA-2014_1243
Vulnerability from csaf_redhat - Published: 2014-09-16 05:28 - Updated: 2024-11-22 06:03Summary
Red Hat Security Advisory: automake security update
Notes
Topic
An updated automake package that fixes one security issue is now available
for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)
Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.
All automake users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated automake package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nIt was found that the distcheck rule in Automake-generated Makefiles made a\ndirectory world-writable when preparing source archives. If a malicious,\nlocal user could access this directory, they could execute arbitrary code\nwith the privileges of the user running \"make distcheck\". (CVE-2012-3386)\n\nRed Hat would like to thank Jim Meyering for reporting this issue. Upstream\nacknowledges Stefano Lattarini as the original reporter.\n\nAll automake users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:1243",
"url": "https://access.redhat.com/errata/RHSA-2014:1243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1243.json"
}
],
"title": "Red Hat Security Advisory: automake security update",
"tracking": {
"current_release_date": "2024-11-22T06:03:09+00:00",
"generator": {
"date": "2024-11-22T06:03:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:1243",
"initial_release_date": "2014-09-16T05:28:47+00:00",
"revision_history": [
{
"date": "2014-09-16T05:28:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-09-16T05:28:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:03:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.9.6-3.el5.src",
"product": {
"name": "automake-0:1.9.6-3.el5.src",
"product_id": "automake-0:1.9.6-3.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-3.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.9.6-3.el5.noarch",
"product": {
"name": "automake-0:1.9.6-3.el5.noarch",
"product_id": "automake-0:1.9.6-3.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-3.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-3.el5.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-3.el5.src"
},
"product_reference": "automake-0:1.9.6-3.el5.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-3.el5.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-3.el5.src"
},
"product_reference": "automake-0:1.9.6-3.el5.src",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jim Meyering"
]
},
{
"names": [
"Stefano Lattarini"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3386",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2012-07-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "838286"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running \"make distcheck\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "automake: locally exploitable \"make distcheck\" bug",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:automake-0:1.9.6-3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-3.el5.src",
"5Server:automake-0:1.9.6-3.el5.noarch",
"5Server:automake-0:1.9.6-3.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "RHBZ#838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3386",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386"
}
],
"release_date": "2012-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-09-16T05:28:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Workstation:automake-0:1.9.6-3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-3.el5.src",
"5Server:automake-0:1.9.6-3.el5.noarch",
"5Server:automake-0:1.9.6-3.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:1243"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:automake-0:1.9.6-3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-3.el5.src",
"5Server:automake-0:1.9.6-3.el5.noarch",
"5Server:automake-0:1.9.6-3.el5.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "automake: locally exploitable \"make distcheck\" bug"
}
]
}
RHSA-2013_0526
Vulnerability from csaf_redhat - Published: 2013-02-20 16:20 - Updated: 2024-11-22 06:03Summary
Red Hat Security Advisory: automake security update
Notes
Topic
An updated automake package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)
Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.
Users of automake are advised to upgrade to this updated package, which
corrects this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated automake package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nIt was found that the distcheck rule in Automake-generated Makefiles made a\ndirectory world-writable when preparing source archives. If a malicious,\nlocal user could access this directory, they could execute arbitrary code\nwith the privileges of the user running \"make distcheck\". (CVE-2012-3386)\n\nRed Hat would like to thank Jim Meyering for reporting this issue. Upstream\nacknowledges Stefano Lattarini as the original reporter.\n\nUsers of automake are advised to upgrade to this updated package, which\ncorrects this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0526",
"url": "https://access.redhat.com/errata/RHSA-2013:0526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0526.json"
}
],
"title": "Red Hat Security Advisory: automake security update",
"tracking": {
"current_release_date": "2024-11-22T06:03:03+00:00",
"generator": {
"date": "2024-11-22T06:03:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0526",
"initial_release_date": "2013-02-20T16:20:00+00:00",
"revision_history": [
{
"date": "2013-02-20T16:20:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-02-20T16:28:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:03:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.11.1-4.el6.noarch",
"product": {
"name": "automake-0:1.11.1-4.el6.noarch",
"product_id": "automake-0:1.11.1-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.11.1-4.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.11.1-4.el6.src",
"product": {
"name": "automake-0:1.11.1-4.el6.src",
"product_id": "automake-0:1.11.1-4.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.11.1-4.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6Workstation"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jim Meyering"
]
},
{
"names": [
"Stefano Lattarini"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3386",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2012-07-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "838286"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running \"make distcheck\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "automake: locally exploitable \"make distcheck\" bug",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional:automake-0:1.11.1-4.el6.noarch",
"6Client-optional:automake-0:1.11.1-4.el6.src",
"6ComputeNode:automake-0:1.11.1-4.el6.noarch",
"6ComputeNode:automake-0:1.11.1-4.el6.src",
"6Server:automake-0:1.11.1-4.el6.noarch",
"6Server:automake-0:1.11.1-4.el6.src",
"6Workstation:automake-0:1.11.1-4.el6.noarch",
"6Workstation:automake-0:1.11.1-4.el6.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "RHBZ#838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3386",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386"
}
],
"release_date": "2012-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-02-20T16:20:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional:automake-0:1.11.1-4.el6.noarch",
"6Client-optional:automake-0:1.11.1-4.el6.src",
"6ComputeNode:automake-0:1.11.1-4.el6.noarch",
"6ComputeNode:automake-0:1.11.1-4.el6.src",
"6Server:automake-0:1.11.1-4.el6.noarch",
"6Server:automake-0:1.11.1-4.el6.src",
"6Workstation:automake-0:1.11.1-4.el6.noarch",
"6Workstation:automake-0:1.11.1-4.el6.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0526"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-optional:automake-0:1.11.1-4.el6.noarch",
"6Client-optional:automake-0:1.11.1-4.el6.src",
"6ComputeNode:automake-0:1.11.1-4.el6.noarch",
"6ComputeNode:automake-0:1.11.1-4.el6.src",
"6Server:automake-0:1.11.1-4.el6.noarch",
"6Server:automake-0:1.11.1-4.el6.src",
"6Workstation:automake-0:1.11.1-4.el6.noarch",
"6Workstation:automake-0:1.11.1-4.el6.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "automake: locally exploitable \"make distcheck\" bug"
}
]
}
RHSA-2013:0526
Vulnerability from csaf_redhat - Published: 2013-02-20 16:20 - Updated: 2025-11-21 17:42Summary
Red Hat Security Advisory: automake security update
Notes
Topic
An updated automake package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)
Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.
Users of automake are advised to upgrade to this updated package, which
corrects this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated automake package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nIt was found that the distcheck rule in Automake-generated Makefiles made a\ndirectory world-writable when preparing source archives. If a malicious,\nlocal user could access this directory, they could execute arbitrary code\nwith the privileges of the user running \"make distcheck\". (CVE-2012-3386)\n\nRed Hat would like to thank Jim Meyering for reporting this issue. Upstream\nacknowledges Stefano Lattarini as the original reporter.\n\nUsers of automake are advised to upgrade to this updated package, which\ncorrects this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0526",
"url": "https://access.redhat.com/errata/RHSA-2013:0526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0526.json"
}
],
"title": "Red Hat Security Advisory: automake security update",
"tracking": {
"current_release_date": "2025-11-21T17:42:30+00:00",
"generator": {
"date": "2025-11-21T17:42:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2013:0526",
"initial_release_date": "2013-02-20T16:20:00+00:00",
"revision_history": [
{
"date": "2013-02-20T16:20:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-02-20T16:28:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:42:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.11.1-4.el6.noarch",
"product": {
"name": "automake-0:1.11.1-4.el6.noarch",
"product_id": "automake-0:1.11.1-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.11.1-4.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-0:1.11.1-4.el6.src",
"product": {
"name": "automake-0:1.11.1-4.el6.src",
"product_id": "automake-0:1.11.1-4.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.11.1-4.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:automake-0:1.11.1-4.el6.noarch"
},
"product_reference": "automake-0:1.11.1-4.el6.noarch",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.11.1-4.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:automake-0:1.11.1-4.el6.src"
},
"product_reference": "automake-0:1.11.1-4.el6.src",
"relates_to_product_reference": "6Workstation"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jim Meyering"
]
},
{
"names": [
"Stefano Lattarini"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2012-3386",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2012-07-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "838286"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running \"make distcheck\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "automake: locally exploitable \"make distcheck\" bug",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional:automake-0:1.11.1-4.el6.noarch",
"6Client-optional:automake-0:1.11.1-4.el6.src",
"6ComputeNode:automake-0:1.11.1-4.el6.noarch",
"6ComputeNode:automake-0:1.11.1-4.el6.src",
"6Server:automake-0:1.11.1-4.el6.noarch",
"6Server:automake-0:1.11.1-4.el6.src",
"6Workstation:automake-0:1.11.1-4.el6.noarch",
"6Workstation:automake-0:1.11.1-4.el6.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "RHBZ#838286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=838286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3386",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3386"
}
],
"release_date": "2012-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-02-20T16:20:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional:automake-0:1.11.1-4.el6.noarch",
"6Client-optional:automake-0:1.11.1-4.el6.src",
"6ComputeNode:automake-0:1.11.1-4.el6.noarch",
"6ComputeNode:automake-0:1.11.1-4.el6.src",
"6Server:automake-0:1.11.1-4.el6.noarch",
"6Server:automake-0:1.11.1-4.el6.src",
"6Workstation:automake-0:1.11.1-4.el6.noarch",
"6Workstation:automake-0:1.11.1-4.el6.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0526"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-optional:automake-0:1.11.1-4.el6.noarch",
"6Client-optional:automake-0:1.11.1-4.el6.src",
"6ComputeNode:automake-0:1.11.1-4.el6.noarch",
"6ComputeNode:automake-0:1.11.1-4.el6.src",
"6Server:automake-0:1.11.1-4.el6.noarch",
"6Server:automake-0:1.11.1-4.el6.src",
"6Workstation:automake-0:1.11.1-4.el6.noarch",
"6Workstation:automake-0:1.11.1-4.el6.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "automake: locally exploitable \"make distcheck\" bug"
}
]
}
FKIE_CVE-2012-3386
Vulnerability from fkie_nvd - Published: 2012-08-07 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | automake | * | |
| gnu | automake | 1.0 | |
| gnu | automake | 1.2 | |
| gnu | automake | 1.3 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.5 | |
| gnu | automake | 1.6 | |
| gnu | automake | 1.6.1 | |
| gnu | automake | 1.6.2 | |
| gnu | automake | 1.6.3 | |
| gnu | automake | 1.7 | |
| gnu | automake | 1.7.1 | |
| gnu | automake | 1.7.2 | |
| gnu | automake | 1.7.3 | |
| gnu | automake | 1.7.4 | |
| gnu | automake | 1.7.5 | |
| gnu | automake | 1.7.6 | |
| gnu | automake | 1.7.7 | |
| gnu | automake | 1.7.8 | |
| gnu | automake | 1.7.9 | |
| gnu | automake | 1.8 | |
| gnu | automake | 1.8.1 | |
| gnu | automake | 1.8.2 | |
| gnu | automake | 1.8.3 | |
| gnu | automake | 1.8.4 | |
| gnu | automake | 1.8.5 | |
| gnu | automake | 1.9 | |
| gnu | automake | 1.9.1 | |
| gnu | automake | 1.9.2 | |
| gnu | automake | 1.9.3 | |
| gnu | automake | 1.9.4 | |
| gnu | automake | 1.9.5 | |
| gnu | automake | 1.9.6 | |
| gnu | automake | 1.10 | |
| gnu | automake | 1.10.0.3 | |
| gnu | automake | 1.10.1 | |
| gnu | automake | 1.10.2 | |
| gnu | automake | 1.10.3 | |
| gnu | automake | 1.11.1 | |
| gnu | automake | 1.11.2 | |
| gnu | automake | 1.11.3 | |
| gnu | automake | 1.11.4 | |
| gnu | automake | 1.12 | |
| gnu | automake | 1.12.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1142BF-7EE4-4937-A928-86057C853BB8",
"versionEndIncluding": "1.11.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825E1F9E-0DFB-47BF-8D28-52B6804C199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41C63958-FF26-4223-8EF5-1E2CEFD9DBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "499D5653-552E-44EE-8183-FD5D05BF8F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE71E960-691A-4816-A04D-A8D1F3CDA2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "620AE4A6-8801-4E2E-BC16-4CA0A128EAD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "5BB76EC2-1F74-4BB2-B1B5-F3416CDC345B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "1E969575-F171-42B7-B02D-CD494D9F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "6396CC6D-2290-4D98-90FD-498EFDAC690B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "8227C2EC-7C6B-4C91-86FE-FD4892C0D855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*",
"matchCriteriaId": "377CA093-EE7B-4F14-A9D0-62E678EE787E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8CECA9-BDE4-4E0D-9D1A-3A8B705736CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "37F4CA27-ECDF-4F2B-889B-954C1539DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A883A1BE-D2F9-43F6-9779-163762DC0BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "098E2153-D183-4603-AB8E-A424E321CB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C958A3-01F2-45A6-8F0B-74BE794E06CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6454F4F7-507E-4539-B566-39E5ABD9F3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C19F15E-FBBC-4DEB-9438-DCF5FB9CD366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E466BA9-460D-4B7E-BD10-9CD072DE8846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9ECA16B-1AD3-4199-9D01-018DBDA0AD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6667859B-7297-4BB1-97DB-195037EB71C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8C42854C-5241-43A8-9E27-0701CE97BB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "855F7E05-B617-4046-B6E4-7894CD237654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6A46DF-3A7F-40EA-B2D6-BBDB8CEF2744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "26C09EE5-460F-4169-A372-878E77120204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5205CF45-634B-4994-8CB1-C70B87FFC7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFB9079-79EA-4DC3-9C86-72D90788AB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2ABAC0-D633-43B6-9BA2-E346E8D2BAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A579BF1E-0ECE-4D1F-8849-359626B9F250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAE2575-4611-481E-AA37-549B2F528864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F29368AC-C9BA-451B-90DA-CCE8AB291946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81FB30CC-D96B-443A-B1B5-61F207F80B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF64364-4A8B-4155-9FDA-E4AF655EA826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E529FDE-1475-4F83-AD75-795AA2CFCE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA3D112-97D4-4605-AAD9-ACD8C1901332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E44D4B2-F8E6-4D2E-800D-2101C1832261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7565230F-80E8-49F2-BFC9-F33B690AC78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52DA2099-218B-4588-B381-539307426AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "032119F6-768D-42BF-A4B8-2059BFA3AAD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "45D17CFC-3C6D-4EC1-9FED-2C158AC517C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD32447-BADF-4E6B-8745-75202A3AF83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7348FBF0-AD00-4236-9CA0-BA01FD153629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06107483-9738-4C1A-A706-3DE7D9F04E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A91930-6A6C-4B56-99DF-8A06F270AEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE405EB-E067-464D-86AE-6F0C56C7250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6C72AC-9EDB-4BB4-8C7F-BA1F886939EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD57193-65DC-4AFC-96C0-725AC176E7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C64F490F-2837-4A97-BA1E-6E796B8B4F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE494CF-6DD2-451E-B9F4-A102B06B9183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "La regla \"make distcheck\" en GNU Automake anterior a v1.11.6 y v1.12.x anterior a v1.12.2 asigna permisos world-writable al directorio de extracci\u00f3n, lo que produce una vulnerabilidad de condici\u00f3n de carrera que permite a usuarios locales ejecutar c\u00f3digo a trav\u00e9s de vectores no determinados."
}
],
"id": "CVE-2012-3386",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-07T21:55:01.420",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2012-3386
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-3386",
"description": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"id": "GSD-2012-3386",
"references": [
"https://www.suse.com/security/cve/CVE-2012-3386.html",
"https://access.redhat.com/errata/RHSA-2014:1243",
"https://access.redhat.com/errata/RHSA-2013:0526",
"https://alas.aws.amazon.com/cve/html/CVE-2012-3386.html",
"https://linux.oracle.com/cve/CVE-2012-3386.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-3386"
],
"details": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"id": "GSD-2012-3386",
"modified": "2023-12-13T01:20:20.566869Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76",
"refsource": "MISC",
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0526.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"name": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"name": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.11.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3386"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027",
"refsource": "MLIST",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"name": "MDVSA-2012:103",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"name": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
"refsource": "MLIST",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
"refsource": "MLIST",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"name": "openSUSE-SU-2012:1519",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"name": "RHSA-2013:0526",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"name": "FEDORA-2012-14297",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"name": "FEDORA-2012-14770",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"name": "FEDORA-2012-14349",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T04:33Z",
"publishedDate": "2012-08-07T21:55Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…