Red Hat Bugzilla – Bug 393251
CVE-2007-6061 Audacity insecure temporary file handling
Last modified: 2016-03-04 07:46:06 EST
Description of problem:
As per the report from Gentoo (see URL), Anaconda uses a temporary file with a
predictable name, which can be exploited locally by conducting a symlink attack
to remove an arbitrary file from the victim's home directory.
CVE identifier for this issue was requested.
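
Added example (not part of the bug report, and not the Gentoo or upstream patch): a defensive C sketch for the flaw class described above. It creates scratch space under an unpredictable name and refuses any path that is a symlink, is owned by another user, or is group/world accessible, before anything is written to or removed from it. The function names `is_private_dir` and `make_scratch_dir` and the `scratch-` prefix are hypothetical.

```c
#define _XOPEN_SOURCE 700 /* expose mkdtemp() and lstat() under strict -std */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 only if path is a real directory (not a symlink), owned by the
 * calling user, and inaccessible to group and others. lstat() does not follow
 * links, so a link planted at a predictable name is seen as a link. */
int is_private_dir(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;                       /* missing, symlink or regular file */
    if (st.st_uid != geteuid())
        return 0;                       /* created by someone else */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return 0;                       /* other users could plant entries */
    return 1;
}

/* Creates a fresh scratch directory with a random suffix and mode 0700.
 * mkdtemp() fails instead of reusing an existing entry, so a pre-planted
 * link is never adopted. Writes the path to out; returns 0 on success. */
int make_scratch_dir(char *out, size_t outlen)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || base[0] == '\0')
        base = "/tmp";
    int n = snprintf(out, outlen, "%s/scratch-XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* path would be truncated */
    if (mkdtemp(out) == NULL)
        return -1;
    return is_private_dir(out) ? 0 : -1;
}

int main(void)
{
    char dir[PATH_MAX];
    if (make_scratch_dir(dir, sizeof dir) != 0) {
        perror("make_scratch_dir");
        return 1;
    }
    printf("scratch dir: %s\n", dir);
    return rmdir(dir) == 0 ? 0 : 1;
}
```

The same `is_private_dir` check applies to any cleanup routine that deletes leftovers from an earlier session: validate the directory first, and skip the cleanup when the check fails.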
Gentoo has released a security advisory to address this flaw:
Here is the patch used by Gentoo:
Upstream discussion related to Gentoo patch:
Any idea as to when this will be fixed in Fedora?
audacity-1.3.2-21.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
audacity-1.3.2-21.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Auto-closing this failed due to a bug in bodhi.
Opening, shouldn't be autoclosed as this is the bug we use for tracing audacity
across all Red Hat products and services, not just Fedora.
This issue was addressed in:
Reporter changed to email@example.com by request of Jay Turner.