Bug 1044842 (CVE-2013-7171)

Summary: CVE-2013-7171 llvm: insecure RPATH in certain binaries
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ajax, bos, dmalcolm, extras-orphan, jkurik, jv+fedora, michel, petersen, pfrields, scottt.tw, spacewar, vdanen, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-19 05:36:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Murray McAllister 2013-12-19 05:35:14 UTC
It was reported that certain binaries provided by the llvm package had an insecure RPATH (/tmp/) entry:


This could lead to arbitrary code execution with the privileges of the user running the affected binaries.

This issue did not affect any llvm or mingw-llvm packages in Fedora or EPEL, as the packages are built in /buildir/, not /tmp/.

CVE request: http://seclists.org/oss-sec/2013/q4/525

Comment 1 Murray McAllister 2013-12-20 03:44:31 UTC
CVE-2013-7171 was assigned to this issue: http://seclists.org/oss-sec/2013/q4/527