Package : arts Version : 1.5.9-3+deb6u1 CVE ID : CVE-2015-7543 It has been reported that arts uses the insecure mktemp() function to create the temporary directory it uses to host user-specific sockets. It is thus possible for another user to hijack this temporary directory and gain IPC access it should not have. In Debian 6 “Squeeze”, this issue has been addressed in arts 1.5.9-3+deb6u1 with the use of the safer mkdtemp() function. We recommend that you upgrade your arts packages. Other Debian releases do not have the arts package. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: PGP signature