MDVSA-2008:074
- Nom du paquet
- audacity
- Date
- 2008-03-20
- Advisory ID
- MDVSA-2008:074
- Affected versions
- 2007.1 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64
Problem description
Audacity creates a temporary directory with a predictable name without
checking for previous existence of that directory, which allows local
users to cause a denial of service (recording deadlock) by creating
the directory before Audacity is run. This issue can also be leveraged
to delete arbitrary files or directories via a symlink attack.
The updated package fixes the issue.
Updated packages
2007.1 i586
5ebb4356f5e9410fb34fd13b1d9f52e0 2007.1/i586/audacity-1.3.2-4.1mdv2007.1.i586.rpm b209fd344cd78af953a44187221e24b4 2007.1/SRPMS/audacity-1.3.2-4.1mdv2007.1.src.rpm
CS3.0 x86_64
de7a02ceda34724803ac961ba153523b corporate/3.0/x86_64/audacity-1.2.0-1.1.C30mdk.x86_64.rpm 646559674bbb1a57cb867b8122a1794d corporate/3.0/SRPMS/audacity-1.2.0-1.1.C30mdk.src.rpm
2008.0 x86_64
b6e400b8db075cb58e1a3d739fbcd45c 2008.0/x86_64/audacity-1.3.3-1.1mdv2008.0.x86_64.rpm 07e566b52f9c14b4fb457d317ace5132 2008.0/SRPMS/audacity-1.3.3-1.1mdv2008.0.src.rpm
CS3.0 i586
8b6718bc8dfa06a369b56d4b54506c82 corporate/3.0/i586/audacity-1.2.0-1.1.C30mdk.i586.rpm 646559674bbb1a57cb867b8122a1794d corporate/3.0/SRPMS/audacity-1.2.0-1.1.C30mdk.src.rpm
2008.0 i586
ba5c283112363eb7a5ba759ee19db460 2008.0/i586/audacity-1.3.3-1.1mdv2008.0.i586.rpm 07e566b52f9c14b4fb457d317ace5132 2008.0/SRPMS/audacity-1.3.3-1.1mdv2008.0.src.rpm
2007.1 x86_64
495b67476845f9831c5aa509cb4fed56 2007.1/x86_64/audacity-1.3.2-4.1mdv2007.1.x86_64.rpm b209fd344cd78af953a44187221e24b4 2007.1/SRPMS/audacity-1.3.2-4.1mdv2007.1.src.rpm