Fedora has issued an advisory on January 10: https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated flite packages fix security vulnerability: The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav (CVE-2014-0027). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0027 https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html ======================== Updated packages in core/updates_testing: ======================== flite-1.4-2.1.mga3 libflite-devel-1.4-2.1.mga3 flite-1.4-4.1.mga4 libflite1-1.4-4.1.mga4 libflite-devel-1.4-4.1.mga4 from SRPMS: flite-1.4-2.1.mga3.src.rpm flite-1.4-4.1.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
flite has no man entry. The equivalent is at /usr/share/doc/flite/html/flite_6.html#flite-binary but it does not behave exactly as one might expect. Given a working sound system, is is easy to test very basically from the command line: flite -t word flite -t "word" will say 'word'. flite "a string of words" flite -t "a string of words" will *say* the string. If <file> is a simple text file of real words: flite <file> flite -f <file> will *say* the text in the file. flite a string of words is not helpful, it tries to open file 'a'. flite -t a string of words is useless, does nothing. It should say the string. flite "word" is not helpful, it tries to open file 'word'.
CC: (none) => lewyssmith
CC: (none) => stormiWhiteboard: MGA3TOO => MGA3TOO has_procedure
Testing on Mag4 64-bit real hardware. Installed base flite, ran simple tests OK. Updated from Testing repositories: lib64flite1-1.4-4.1.mga4 flite-1.4-4.1.mga4 Simple tests still OK. If this is deemed adequate, can the bug be Whiteboarded MGA3-64-OK ?
(In reply to Lewis Smith from comment #2) > If this is deemed adequate, can the bug be Whiteboarded MGA3-64-OK ? Sorry. MGA4-64-OK
yes, please proceed
Well done Lewis. Testing complete mga3 32
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga3-32-ok mga4-64-ok
Testing complete mga3 64
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok
Advisory uploaded. Just needs testing mga4 32 and can then be validated.
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-64-ok
I'm on mga4 32.
CC: (none) => remi
Testing complete mga4 i586. I could not find instructions on how to reproduce the security issue (though thanks for your general purpose procedure Lewis!), but since the patch is pretty harmless[1], we can validate. BTW Lewis, whenever a program has no man page, you can always try "<program> --help". Here "flite --help" provides some info. [1] https://bugzilla.redhat.com/attachment.cgi?id=846118 -- Advisory has already been upload. Could a sysadmin push the update from core/updates_testing to core/updates, both for Mageia 3 and Mageia 4?
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0047.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED