Bugzilla – Bug 1160908
VUL-0: CVE-2013-7171: llvm,llvm5,llvm6,llvm7: llvm: insecure RPATH in certain binaries
Last modified: 2020-01-14 12:35:58 UTC
CVE-2013-7171 It was reported that certain binaries provided by the llvm package had an insecure RPATH (/tmp/) entry: http://www.linuxsecurity.com/content/view/160596?rdf This could lead to arbitrary code execution with the privileges of the user running the affected binaries. This issue did not affect any llvm or mingw-llvm packages in Fedora or EPEL, as the packages are built in /buildir/, not /tmp/. CVE request: http://seclists.org/oss-sec/2013/q4/525 References: https://bugzilla.redhat.com/show_bug.cgi?id=1044842 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7171 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7171 http://www.openwall.com/lists/oss-security/2013/12/20/1 http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7171.html https://exchange.xforce.ibmcloud.com/vulnerabilities/89915 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7171 https://security-tracker.debian.org/tracker/CVE-2013-7171 http://cve.mitre.org/cve/request_id.html http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-devel/llvm/files/llvm-3.3-insecure-rpath.patch?view=diff&r1=text&tr1=1.1&r2=text&tr2=1.1&diff_format=f http://seclists.org/bugtraq/2013/Dec/93
That is a slackware specific issue. Closing