It has been reported that arts uses the insecure mktemp() function
to create the temporary directory it uses to host user-specific sockets.
It is thus possible for another user to hijack this temporary directory
and gain IPC access it should not have.
In Debian 6 Squeeze, this issue has been addressed in arts
1.5.9-3+deb6u1 with the use of the safer mkdtemp() function.
We recommend that you upgrade your arts packages.
Other Debian releases do not have the arts package.
CPE | Name | Operator | Version |
---|---|---|---|
arts | eq | 1.5.9-3 | |
arts | eq | 1.5.9-3+avr32 |