Advisories ยป MGASA-2014-0047

Updated flite package fixes CVE-2014-0027

Publication date: 10 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0027

Description

Updated flite packages fix security vulnerability:

The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows
local users to modify arbitrary files via a symlink attack on /tmp/awb.wav
(CVE-2014-0027).
                

References

SRPMS

3/core

4/core