Mageia 2021-0001: audacity security update | LinuxSecurity.com
MGASA-2021-0001 - Updated audacity package fixes security vulnerability

Publication date: 02 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0001.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-11867

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by
default. After Audacity creates the temporary directory, it sets its
permissions to 755. Any user on the system can read and play the temporary
audio .au files located there (CVE-2020-11867).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27850
- https://lists.opensuse.org/archives/list/[email protected]/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867

SRPMS:
- 7/core/audacity-2.3.1-1.2.mga7

Mageia 2021-0001: audacity security update

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default

Summary

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there (CVE-2020-11867).

References

- https://bugs.mageia.org/show_bug.cgi?id=27850

- https://lists.opensuse.org/archives/list/[email protected]/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867

Resolution

MGASA-2021-0001 - Updated audacity package fixes security vulnerability

SRPMS

- 7/core/audacity-2.3.1-1.2.mga7

Severity
Publication date: 02 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0001.html
Type: security
CVE: CVE-2020-11867

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.