Mageia 2021-0001: audacity security update
Mageia 2021-0001: audacity security update
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there (CVE-2020-11867).
MGASA-2021-0001 - Updated audacity package fixes security vulnerability
Publication date: 02 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0001.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-11867
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by
default. After Audacity creates the temporary directory, it sets its
permissions to 755. Any user on the system can read and play the temporary
audio .au files located there (CVE-2020-11867).
References:
- https://bugs.mageia.org/show_bug.cgi?id=27850
- https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867
SRPMS:
- 7/core/audacity-2.3.1-1.2.mga7