Flite 'play_wave_from_socket()'不安全临时文件创建漏洞

BUGTRAQ ID: 64791 CVECAN ID: CVE-2014-0027 Flite是小型的实时综合性引擎。 Flite 1.4及其他版本中，audio/auserver.c的playwavefromsocket函数创建临时文件的方式不安全，本地用户通过对/tmp/awb.wav的符号链接攻击，利用此漏洞可修改任意文件。 0 festvox Flite 1.4 厂商补丁： festvox ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.festvox.org/flite/...

[SECURITY] Fedora 20 Update: flite-1.3-21.fc20

Flite festival-lite is a small, fast run-time speech synthesis engine developed at CMU and primarily designed for small embedded machines and/or large servers. Flite is designed as an alternative synthesis engine to Festival for voices built using the FestVox suite of voice building tools...