Fedora has issued an advisory on January 10:
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Updated flite packages fix security vulnerability:
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows
local users to modify arbitrary files via a symlink attack on /tmp/awb.wav
Updated packages in core/updates_testing:
Steps to Reproduce:
flite has no man entry. The equivalent is at
but it does not behave exactly as one might expect.
Given a working sound system, is is easy to test very basically from the command line:
flite -t word
flite -t "word"
will say 'word'.
flite "a string of words"
flite -t "a string of words"
will *say* the string.
If <file> is a simple text file of real words:
flite -f <file>
will *say* the text in the file.
flite a string of words
is not helpful, it tries to open file 'a'.
flite -t a string of words
is useless, does nothing. It should say the string.
is not helpful, it tries to open file 'word'.
Testing on Mag4 64-bit real hardware.
Installed base flite, ran simple tests OK.
Updated from Testing repositories:
Simple tests still OK.
If this is deemed adequate, can the bug be Whiteboarded MGA3-64-OK ?
(In reply to Lewis Smith from comment #2)
> If this is deemed adequate, can the bug be Whiteboarded MGA3-64-OK ?
yes, please proceed
Well done Lewis.
Testing complete mga3 32
MGA3TOO has_procedure =>
MGA3TOO has_procedure mga3-32-ok mga4-64-ok
Testing complete mga3 64
MGA3TOO has_procedure mga3-32-ok mga4-64-ok =>
MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok
Just needs testing mga4 32 and can then be validated.
MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok =>
MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-64-ok
I'm on mga4 32.
Testing complete mga4 i586. I could not find instructions on how to reproduce the security issue (though thanks for your general purpose procedure Lewis!), but since the patch is pretty harmless, we can validate.
BTW Lewis, whenever a program has no man page, you can always try "<program> --help". Here "flite --help" provides some info.
Advisory has already been upload. Could a sysadmin push the update from core/updates_testing to core/updates, both for Mageia 3 and Mageia 4?
MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-64-ok =>
MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-okCC: