m4 security advisore

— filed under: Security

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688

New m4 package is available in the testing repository.

Document Actions

Newsletter Signup: Get the latest release and security updates via email.

Releases: ETA for Vector Linux 8.0? May 28, 2013; VLOCITY 64bit FINAL is available Jul 14, 2012; VectorLinux 7.0 SOHO FINAL is released May 31, 2012; VL7.0-SOHO-RC3 is available for testing Apr 15, 2012; Vector Linux 7.0 Light released. Mar 20, 2012; More…

Security: Pidgin security update May 30, 2009; Cyrus-sasl security update May 16, 2009; Xpdf security update May 16, 2009; Gnutls security update May 16, 2009; Ruby security update May 16, 2009; More…