Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Fedora 22: 2015-8dd01b09a9 Moderate: Arts IPC Hijacking Issue

fedora
Calendar Grey December 30, 2015
Dist Fedora Esm H88
Patch addresses vulnerable temp directory configurations in the audio service, preventing IPC exploitation. Critical security notification!
Security fix for CVE-2015-7543 in arts (the legacy aRts sound server): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the...

Summary

arts (analog real-time synthesizer) is the sound system of KDE 3.

The principle of arts is to create/process sound using small modules which do

certain tasks. These may be create a waveform (oscillators), play samples,

filter data, add signals, perform effects like delay/flanger/chorus, or

output the data to the soundcard.

By connecting all those small modules together, you can perform complex

tasks like simulating a mixer, generating an instrument or things like

playing a wave file with some effects.

Update Information:

Security fix for CVE-2015-7543 in arts (the legacy aRts sound server): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter- process communication (IPC). This update fixes the temporary directory creation to use the safe mkdtemp function instead.

Change Log

References


[ 1 ] Bug #1280543 - CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC https://bugzilla.redhat.com/show_bug.cgi?id=1280543

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update arts' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: arts
Product: Fedora 22
Version: 1.5.10
Release: 30.fc22
Summary: aRts (analog realtime synthesizer) - the KDE sound system

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.