Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-366-1 arts

Debian Security Advisory

DLA-366-1 arts -- LTS security update

Date Reported:

10 Dec 2015

Affected Packages:

arts

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-7543.

More information:

It has been reported that arts uses the insecure mktemp() function to create the temporary directory it uses to host user-specific sockets. It is thus possible for another user to hijack this temporary directory and gain IPC access it should not have.

In Debian 6 Squeeze, this issue has been addressed in arts 1.5.9-3+deb6u1 with the use of the safer mkdtemp() function. We recommend that you upgrade your arts packages.

Other Debian releases do not have the arts package.