Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0027

The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2014-0027 (Candidate) is related to these bugs:

Bug #1451462: flite fails to build in trusty

Summary				In	Importance	Status
	1451462	flite fails to build in trusty		flite (Ubuntu)	High	Fix Released
	1451462	flite fails to build in trusty		flite (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.osvdb.org/1...
MISC: http://www.securityfoc...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: http://seclists.org/os...
MISC: https://bugzilla.redha...