Package name
audacity
Date
2008-03-20
Advisory ID
MDVSA-2008:074
Affected versions
2007.1 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64

Problem description

Audacity creates a temporary directory with a predictable name without
checking for previous existence of that directory, which allows local
users to cause a denial of service (recording deadlock) by creating
the directory before Audacity is run. This issue can also be leveraged
to delete arbitrary files or directories via a symlink attack.

The updated package fixes the issue.

Updated packages

2007.1 i586

 5ebb4356f5e9410fb34fd13b1d9f52e0  2007.1/i586/audacity-1.3.2-4.1mdv2007.1.i586.rpm 
 b209fd344cd78af953a44187221e24b4  2007.1/SRPMS/audacity-1.3.2-4.1mdv2007.1.src.rpm

CS3.0 x86_64

 de7a02ceda34724803ac961ba153523b  corporate/3.0/x86_64/audacity-1.2.0-1.1.C30mdk.x86_64.rpm 
 646559674bbb1a57cb867b8122a1794d  corporate/3.0/SRPMS/audacity-1.2.0-1.1.C30mdk.src.rpm

2008.0 x86_64

 b6e400b8db075cb58e1a3d739fbcd45c  2008.0/x86_64/audacity-1.3.3-1.1mdv2008.0.x86_64.rpm 
 07e566b52f9c14b4fb457d317ace5132  2008.0/SRPMS/audacity-1.3.3-1.1mdv2008.0.src.rpm

CS3.0 i586

 8b6718bc8dfa06a369b56d4b54506c82  corporate/3.0/i586/audacity-1.2.0-1.1.C30mdk.i586.rpm 
 646559674bbb1a57cb867b8122a1794d  corporate/3.0/SRPMS/audacity-1.2.0-1.1.C30mdk.src.rpm

2008.0 i586

 ba5c283112363eb7a5ba759ee19db460  2008.0/i586/audacity-1.3.3-1.1mdv2008.0.i586.rpm 
 07e566b52f9c14b4fb457d317ace5132  2008.0/SRPMS/audacity-1.3.3-1.1mdv2008.0.src.rpm

2007.1 x86_64

 495b67476845f9831c5aa509cb4fed56  2007.1/x86_64/audacity-1.3.2-4.1mdv2007.1.x86_64.rpm 
 b209fd344cd78af953a44187221e24b4  2007.1/SRPMS/audacity-1.3.2-4.1mdv2007.1.src.rpm

References