DescriptionMurray McAllister
2013-12-19 05:35:14 UTC
It was reported that certain binaries provided by the llvm package had an insecure RPATH (/tmp/) entry:
http://www.linuxsecurity.com/content/view/160596?rdf
This could lead to arbitrary code execution with the privileges of the user running the affected binaries.
This issue did not affect any llvm or mingw-llvm packages in Fedora or EPEL, as the packages are built in /buildir/, not /tmp/.
CVE request: http://seclists.org/oss-sec/2013/q4/525
Comment 1Murray McAllister
2013-12-20 03:44:31 UTC