Package name
Advisory ID
Affected versions
6.1 i586, 6.0 i586, 7.0 i586, 7.1 i586

Problem description

A problem exists with the esound daemon, which GNOME uses to multiplex access to audio devices. Versions of esound up to and including 0.2.19 create a world-writable directory, /tmp/.esd, owned by the user running esound. This directory stores a Unix domain socket, which is also created world-writable. As a result, a race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This update contains a patch from FreeBSD which creates ~/.esd as the temporary directory and makes the Unix domain socket readable and writable only by the user.

Updated packages

6.1 i586

3eb693743a17d237cdd6a9679f234a91  6.1/RPMS/esound-0.2.17-3mdk.i586.rpm
6b1a692fe7f1406f4a9370f4f28bc021  6.1/RPMS/esound-devel-0.2.17-3mdk.i586.rpm
1c4b670641b77b8cc554d4ad606dd69d  6.1/SRPMS/esound-0.2.17-3mdk.src.rpm

6.0 i586

431a7e94f65caf2432dbb54bacd92f69  6.0/RPMS/esound-0.2.17-3mdk.i586.rpm
994fd55dd710df335b222ef5c7c8ffe2  6.0/RPMS/esound-devel-0.2.17-3mdk.i586.rpm
1c4b670641b77b8cc554d4ad606dd69d  6.0/SRPMS/esound-0.2.17-3mdk.src.rpm

7.0 i586

ba39fd515be195c2b712ad00575e61a1  7.0/RPMS/esound-0.2.17-3mdk.i586.rpm
83e4a43330bc6ec6fdd760e9963aa896  7.0/RPMS/esound-devel-0.2.17-3mdk.i586.rpm
1c4b670641b77b8cc554d4ad606dd69d  7.0/SRPMS/esound-0.2.17-3mdk.src.rpm

7.1 i586

68ac26c5d5d7c0bc6ec8011a874eca52  7.1/RPMS/esound-0.2.17-3mdk.i586.rpm
ccf73d853a85ee6ec1c2bab3bc8814e4  7.1/RPMS/esound-devel-0.2.17-3mdk.i586.rpm
1c4b670641b77b8cc554d4ad606dd69d  7.1/SRPMS/esound-0.2.17-3mdk.src.rpm