Upstream information

CVE-2012-3386 at MITRE

Description

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.38
Vector AV:L/AC:M/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 770618 [RESOLVED / FIXED], 786745 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
  • wdiff >= 1.2.1-3.64
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libpng12-0
SUSE Linux Enterprise Desktop 12 GA wdiff
SUSE Linux Enterprise Desktop 12 SP1
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
  • libpng15-15 >= 1.5.22-2.2
  • wdiff >= 1.2.1-3.64
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libpng12-0
SUSE Linux Enterprise Desktop 12 SP1 GA libpng15-15
SUSE Linux Enterprise Desktop 12 SP1 GA wdiff
SUSE Linux Enterprise Desktop 12 SP2
  • libpng12-0 >= 1.2.50-13.1
  • libpng12-0-32bit >= 1.2.50-13.1
  • libpng15-15 >= 1.5.22-4.1
  • wdiff >= 1.2.1-3.64
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libpng12-0
SUSE Linux Enterprise Desktop 12 SP2 GA libpng15-15
SUSE Linux Enterprise Desktop 12 SP2 GA wdiff
SUSE Linux Enterprise Server 11 SP2
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp2-automake
SUSE Linux Enterprise Server 11 SP3
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp3-automake
SUSE Linux Enterprise Server 11 SP4
  • automake >= 1.10.1-4.131.9.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA automake
SUSE Linux Enterprise Server 12
  • gv >= 3.7.4-1.39
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
  • wdiff >= 1.2.1-3.64
Patchnames:
SUSE Linux Enterprise Server 12 GA gv
SUSE Linux Enterprise Server 12 GA libpng12-0
SUSE Linux Enterprise Server 12 SP1
  • gv >= 3.7.4-1.39
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
  • libpng15-15 >= 1.5.22-2.2
  • wdiff >= 1.2.1-3.64
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA gv
SUSE Linux Enterprise Server 12 SP1 GA libpng12-0
SUSE Linux Enterprise Server 12 SP1 GA libpng15-15
SUSE Linux Enterprise Server 12 SP2
  • gv >= 3.7.4-1.39
  • libpng12-0 >= 1.2.50-13.1
  • libpng12-0-32bit >= 1.2.50-13.1
  • libpng15-15 >= 1.5.22-4.1
  • wdiff >= 1.2.1-3.64
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA gv
SUSE Linux Enterprise Server 12 SP2 GA libpng12-0
SUSE Linux Enterprise Server 12 SP2 GA libpng15-15
SUSE Linux Enterprise Server for VMWare 11 SP2
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp2-automake
SUSE Linux Enterprise Server for VMWare 11 SP3
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp3-automake
SUSE Linux Enterprise Software Development Kit 11 SP2
  • automake >= 1.10.1-4.131.9.1
Patchnames:
sdksp2-automake
SUSE Linux Enterprise Software Development Kit 11 SP3
  • automake >= 1.10.1-4.131.9.1
Patchnames:
sdksp3-automake
SUSE Linux Enterprise Software Development Kit 11 SP4
  • automake >= 1.10.1-4.131.9.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA automake
SUSE Linux Enterprise Software Development Kit 12
  • libpng12-compat-devel >= 1.2.50-8.21
  • libpng12-devel >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libpng12-compat-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libpng12-compat-devel >= 1.2.50-8.21
  • libpng12-devel >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libpng12-compat-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libpng12-compat-devel >= 1.2.50-13.1
  • libpng12-devel >= 1.2.50-13.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libpng12-compat-devel
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Software Development Kit 11 SP3
  • automake >= 1.10.1-4.131.9.1
Builds
SAT Patch Nr: 8197
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Software Development Kit 11 SP2
  • automake >= 1.10.1-4.131.9.1
Builds
SAT Patch Nr: 8196
openSUSE 13.2
  • gv >= 3.7.4-2.1.4
  • libpng12-0 >= 1.2.51-3.1.2
  • libpng12-0-32bit >= 1.2.51-3.1.2
  • libpng12-compat-devel >= 1.2.51-3.1.2
  • libpng12-devel >= 1.2.51-3.1.2
  • wdiff >= 1.2.2-2.1.2
  • wdiff-lang >= 1.2.2-2.1.2
Patchnames:
openSUSE 13.2 GA gv
openSUSE 13.2 GA libpng12-0
openSUSE Leap 42.1
  • gv >= 3.7.4-5.2
  • libpng12-0 >= 1.2.50-3.2
  • libpng12-0-32bit >= 1.2.50-3.2
  • libpng12-devel >= 1.2.50-3.2
  • wdiff >= 1.2.2-6.2
  • wdiff-lang >= 1.2.2-6.2
Patchnames:
openSUSE Leap 42.1 GA gv
openSUSE Leap 42.1 GA libpng12-0
openSUSE Leap 42.2
  • gv >= 3.7.4-6.4
  • libpng12-0 >= 1.2.50-9.1
  • libpng12-0-32bit >= 1.2.50-9.1
  • libpng12-devel >= 1.2.50-9.1
  • wdiff >= 1.2.2-7.4
  • wdiff-lang >= 1.2.2-7.4
Patchnames:
openSUSE Leap 42.2 GA gv
openSUSE Leap 42.2 GA libpng12-0
openSUSE Tumbleweed
  • cppi >= 1.18-2.4
  • cppi-lang >= 1.18-2.4
  • gv >= 3.7.4-3.8
  • libpng12-0 >= 1.2.56-1.5
  • libpng12-0-32bit >= 1.2.56-1.5
  • libpng12-compat-devel >= 1.2.56-1.5
  • libpng12-compat-devel-32bit >= 1.2.56-1.5
  • libpng12-devel >= 1.2.56-1.5
  • libpng12-devel-32bit >= 1.2.56-1.5
  • wdiff >= 1.2.2-5.5
  • wdiff-lang >= 1.2.2-5.5
Patchnames:
openSUSE Tumbleweed GA cppi
openSUSE Tumbleweed GA gv
openSUSE Tumbleweed GA libpng12-0