oss-sec mailing list archives
Security fixes in m4-1.4.11
From: "Patrick J. Volkerding" <security () slackware com>
Date: Sun, 06 Apr 2008 19:24:25 -0500
Hello all,GNU m4-1.4.11 was released on 2008-04-02. While browsing the ChangeLog (and then NEWS) I noticed these security related items. I'm not sure how severe the impact is of these issues, but since I have not seen them mentioned on any security lists yet a heads-up seemed to be in order.
From the ChangeLog: Minor security fix: Quote output of mkstemp. * src/builtin.c (mkstemp_helper): Produce quoted output. * doc/m4.texinfo (Mkstemp): Update the documentation and tests. * NEWS: Document this change. Security fix: avoid arbitrary code execution with 'm4 -F'. * src/freeze.c (produce_frozen_state): Never pass raw file name as printf format. * NEWS: Document this fix. From the NEWS file:** Security fixes for the -F option, for bugs present since -F was introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and avoid arbitrary code execution with certain file names.
** The output of the `maketemp' and `mkstemp' builtins is now quoted ifa file was created. This is a minor security fix, because it was possible (although rather unlikely) that an unquoted string could match an existing macro name, such that use of the `mkstemp' output would trigger inadvertent macro expansion and operate on the wrong file name.
Cheers, Pat
Current thread:
- Security fixes in m4-1.4.11 Patrick J. Volkerding (Apr 06)
- Re: Security fixes in m4-1.4.11 Steven M. Christey (Apr 06)
- Re: Security fixes in m4-1.4.11 Lubomir Kundrak (Apr 07)
- Re: Security fixes in m4-1.4.11 Florian Weimer (Apr 07)
- Re: Security fixes in m4-1.4.11 Josh Bressers (Apr 11)
- Re: Security fixes in m4-1.4.11 Lubomir Kundrak (Apr 07)
- Re: Security fixes in m4-1.4.11 Steven M. Christey (Apr 06)