[Frugalware-security] [ FSA-451 ] audacity

Miklos Vajna vmiklos at frugalware.org
Tue May 20 13:28:58 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-451

Date: 2008-05-20
Package: audacity
Vulnerable versions: <= 1.3.3-2
Unaffected versions: >= 1.3.5-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3080
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061

Description
===========

Viktor Griph has reported a security issue in Audacity, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to delete arbitrary files and directories.
The security issue is caused due to the "AudacityApp::OnInit()" method in src/AudacityApp.cpp handling temporary files in an insecure manner. This can be exploited to delete arbitrary files and directories via symlink attacks, or to cause a deadlock.

Updated Packages
================

Check if you have audacity installed:

	# pacman-g2 -Q audacity

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy audacity

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/451

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkgytfoACgkQZ7NElSD1VhkGXgCgitrY7pMb6TVrdkFnGlWsHplf
QOwAmgODrQ9GWusmFZy7Miw7XqAvuThW
=aRfn
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list