MGASA-2021-0001 - Updated audacity package fixes security vulnerability Publication date: 02 Jan 2021 URL: https://advisories.mageia.org/MGASA-2021-0001.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-11867 Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there (CVE-2020-11867). References: - https://bugs.mageia.org/show_bug.cgi?id=27850 - https://lists.opensuse.org/archives/list/[email protected]/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867 SRPMS: - 7/core/audacity-2.3.1-1.2.mga7
Mageia 2021-0001: audacity security update
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default
Summary
CVE: CVE-2020-11867
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by
default. After Audacity creates the temporary directory, it sets its
permissions to 755. Any user on the system can read and play the temporary
audio .au files located there (CVE-2020-11867).
Resolution
MGASA-2021-0001 - Updated audacity package fixes security vulnerability
References
- https://bugs.mageia.org/show_bug.cgi?id=27850
- https://lists.opensuse.org/archives/list/[email protected]/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867
Severity
Issued Date: 02 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0001.html
Type: security
Affected Mageia releases: 7
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
