Package name
flite
Date
2014-02-14
Advisory ID
MDVSA-2014:032
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in flite:

The play_wave_from_socket function in audio/auserver.c in Flite 1.4
allows local users to modify arbitrary files via a symlink attack
on /tmp/awb.wav. NOTE: some of these details are obtained from third
party information (CVE-2014-0027).

The updated packages have been patched to correct this issue.

Updated packages

MBS1 x86_64

 9ff31a7d8198f78a479e6b61df16e65a  mbs1/x86_64/flite-1.3-2.1.mbs1.x86_64.rpm
 27f5093dfbae9b8632064a117229a5ff  mbs1/x86_64/lib64flite-devel-1.3-2.1.mbs1.x86_64.rpm 
 1a7c3036c885f25f810cd61a8fef93b8  mbs1/SRPMS/flite-1.3-2.1.mbs1.src.rpm

References