Advisories » MGASA-2021-0001

Updated audacity package fixes security vulnerability

Publication date: 02 Jan 2021
Modification date: 02 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-11867

Description

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by
default. After Audacity creates the temporary directory, it sets its
permissions to 755. Any user on the system can read and play the temporary
audio .au files located there (CVE-2020-11867).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27850
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867

SRPMS

7/core

• audacity-2.3.1-1.2.mga7