Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-202310-04 High Severity: VLC Player Buffer Overflow Issue

gentoo
Calendar Grey March 3, 2008
Dist Gentoo Esm H88
Vulnerabilities in temporary file management within Audacity facilitate symlink exploitation; users should consider updating their software.
Audacity uses temporary files in an insecure manner, allowing for a symlink attack.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200803-03
                                            https://security.gentoo.org/

  Severity: Normal
     Title: Audacity: Insecure temporary file creation
      Date: March 02, 2008
      Bugs: #199751
        ID: 200803-03


Synopsis
=======
Audacity uses temporary files in an insecure manner, allowing for a
symlink attack.

Background
=========
Audacity is a free cross-platform audio editor.

Affected packages
================
    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  media-sound/audacity     < 1.3.4-r1                   >= 1.3.4-r1

==========
Viktor Griph reported that the "AudacityApp::OnInit()" method in file
src/AudacityApp.cpp does not handle temporary files properly.

Impact
=====
A local attacker...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory symlink attack insecure file handling file management Gentoo Linux normal severity Audacity

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory symlink attack insecure file handling file management Gentoo Linux normal severity Audacity

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here