7 matches found
Updated flite package fixes CVE-2014-0027
Updated flite packages fix security vulnerability: The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav CVE-2014-0027...
Flite 'play_wave_from_socket()'不安全临时文件创建漏洞
BUGTRAQ ID: 64791 CVECAN ID: CVE-2014-0027 Flite是小型的实时综合性引擎。 Flite 1.4及其他版本中,audio/auserver.c的playwavefromsocket函数创建临时文件的方式不安全,本地用户通过对/tmp/awb.wav的符号链接攻击,利用此漏洞可修改任意文件。 0 festvox Flite 1.4 厂商补丁: festvox ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.festvox.org/flite/...
CVE-2014-0027
The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...
Information disclosure
The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...
CVE-2014-0027
The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...
UBUNTU-CVE-2014-0027
The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...
CVE-2014-0027
The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...