tags 453283 + patch -- Hi, * Luk Claes <[EMAIL PROTECTED]> [2007-12-29 02:33]: > On Tue, Dec 04, 2007 at 08:51:57PM +0100, Joost Yervante Damad wrote: > > On Wednesday 28 November 2007 11:28:21 Steffen Joeris wrote: [...] > > Does anyone have an idea how to fix this? I scanned trough the code, but > > did > > not find a "quick" solution, besides disabling the > > /tmp/audacity1.2-<LOGNAME> > > altogether. > > Well, the easiest solution is to have a random name of the > directory (mktemp -d for instance can create such a > directory very easily).
Attached is a patch for an NMU that fixes this problem by moving the temp directory to the users home directory. I have chosen this method because audacity-data is already located in the users home directory. Additionaly I added a NEWS file to alert users who already installed audacity and thus are already vulnerable. The patch will be also archived on: http://people.debian.org/~nion/nmu-diff/audacity-1.3.4-1_1.3.4-1.1.patch NOTE: this is no patch for the upstream version as it does not fix this bug for MacOS and Windows users. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u audacity-1.3.4/debian/changelog audacity-1.3.4/debian/changelog
--- audacity-1.3.4/debian/changelog
+++ audacity-1.3.4/debian/changelog
@@ -1,3 +1,14 @@
+audacity (1.3.4-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * Fix insecure directory creation in /tmp by moving the directory
+ to the users home directory (CVE-2007-6061; Closes: #453283).
+ * Adding NEWS file to advise the user to change the tmp path
+ in his config file so there is a notification for users who
+ are already vulnerable.
+
+ -- Nico Golde <[EMAIL PROTECTED]> Mon, 21 Jan 2008 19:08:54 +0100
+
audacity (1.3.4-1) unstable; urgency=low
[ Joost Yervante Damad ]
--- audacity-1.3.4.orig/debian/NEWS
+++ audacity-1.3.4/debian/NEWS
@@ -0,0 +1,11 @@
+audacity (1.3.4-1.1) unstable; urgency=high
+
+ * This update fixes a security issue (CVE-2007-6061).
+ * Please either delete ~/.audacity-data/audacity.cfg or change
+ the value of TempDir in audacity.cfg to
+ <PATHTOYOURHOME>/.audacity1.3-<YOURUSERNAME>
+ to prevent other local users from performing a symlink attack
+ resulting in potential data loss of your local files.
+
+ -- Nico Golde <[EMAIL PROTECTED]> Mon, 21 Jan 2008 19:08:54 +0100
+
--- audacity-1.3.4.orig/debian/patches/CVE-2007-6061.patch
+++ audacity-1.3.4/debian/patches/CVE-2007-6061.patch
@@ -0,0 +1,11 @@
+--- src/AudacityApp.cpp.orig 2007-11-13 23:01:37.000000000 +0100
++++ src/AudacityApp.cpp 2008-01-21 19:05:13.000000000 +0100
+@@ -573,7 +573,7 @@
+ // * The user's .audacity-files directory in their home directory
+ // * The "share" and "share/doc" directories in their install path
+ #ifdef __WXGTK__
+- defaultTempDir.Printf(wxT("/tmp/audacity%d.%d-%s"),
++ defaultTempDir.Printf(wxT("%s/.audacity%d.%d-%s"), home.c_str(),
+ AUDACITY_VERSION, AUDACITY_RELEASE, wxGetUserId().c_str());
+
+ wxString pathVar = wxGetenv(wxT("AUDACITY_PATH"));
pgpw8bXi3Hkfg.pgp
Description: PGP signature
