MGASA-2021-0001 - Updated audacity package fixes security vulnerability Publication date: 02 Jan 2021 URL: https://advisories.mageia.org/MGASA-2021-0001.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-11867 Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there (CVE-2020-11867). References: - https://bugs.mageia.org/show_bug.cgi?id=27850 - https://lists.opensuse.org/archives/list/[email protected]/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867 SRPMS: - 7/core/audacity-2.3.1-1.2.mga7
Mageia 2021-0001: audacity security update
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default
Summary
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by
default. After Audacity creates the temporary directory, it sets its
permissions to 755. Any user on the system can read and play the temporary
audio .au files located there (CVE-2020-11867).
References
- https://bugs.mageia.org/show_bug.cgi?id=27850
- https://lists.opensuse.org/archives/list/[email protected]/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867
Resolution
MGASA-2021-0001 - Updated audacity package fixes security vulnerability
SRPMS
- 7/core/audacity-2.3.1-1.2.mga7
Severity
Publication date: 02 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0001.html
Type: security
CVE: CVE-2020-11867
News
HOWTOs
Features
A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central
Linux Malware: The Truth About This Growing Threat [Updated]
About Us
Powered By
