MDVSA-2008:074 -- Mandriva audacityID: oval:org.secpod.oval:def:301574 | Date: (C)2012-01-07 (M)2022-02-08 |
Class: PATCH | Family: unix |
Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories via a symlink attack. The updated package fixes the issue.
Platform: |
Mandriva Linux 2007.1 |
Mandriva Linux 2008.0 |