Security update for audacity SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2261-1 Final 1 1 2020-12-15T11:27:36Z current 2020-12-15T11:27:36Z 2020-12-15T11:27:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for audacity This update for audacity fixes the following issues: - CVE-2020-11867: Avoid saving temporary files to /var/tmp/audacity-$USER by default, which permissions are set to 755. (bsc#1179449) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2261 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/ E-Mail link for openSUSE-SU-2020:2261-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1179449 SUSE Bug 1179449 https://www.suse.com/security/cve/CVE-2020-11867/ SUSE CVE CVE-2020-11867 page SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 openSUSE Leap 15.1 openSUSE Leap 15.2 audacity-2.2.2-bp152.4.3.1 audacity-lang-2.2.2-bp152.4.3.1 audacity-2.2.2-bp152.4.3.1 as a component of SUSE Package Hub 15 SP1 audacity-lang-2.2.2-bp152.4.3.1 as a component of SUSE Package Hub 15 SP1 audacity-2.2.2-bp152.4.3.1 as a component of SUSE Package Hub 15 SP2 audacity-lang-2.2.2-bp152.4.3.1 as a component of SUSE Package Hub 15 SP2 audacity-2.2.2-bp152.4.3.1 as a component of openSUSE Leap 15.1 audacity-lang-2.2.2-bp152.4.3.1 as a component of openSUSE Leap 15.1 audacity-2.2.2-bp152.4.3.1 as a component of openSUSE Leap 15.2 audacity-lang-2.2.2-bp152.4.3.1 as a component of openSUSE Leap 15.2 Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. CVE-2020-11867 SUSE Package Hub 15 SP1:audacity-2.2.2-bp152.4.3.1 SUSE Package Hub 15 SP1:audacity-lang-2.2.2-bp152.4.3.1 SUSE Package Hub 15 SP2:audacity-2.2.2-bp152.4.3.1 SUSE Package Hub 15 SP2:audacity-lang-2.2.2-bp152.4.3.1 openSUSE Leap 15.1:audacity-2.2.2-bp152.4.3.1 openSUSE Leap 15.1:audacity-lang-2.2.2-bp152.4.3.1 openSUSE Leap 15.2:audacity-2.2.2-bp152.4.3.1 openSUSE Leap 15.2:audacity-lang-2.2.2-bp152.4.3.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIO5YFJW5KODA2NDQAAMKAOM57Z2ZM4W/ https://www.suse.com/security/cve/CVE-2020-11867.html CVE-2020-11867 https://bugzilla.suse.com/1179449 SUSE Bug 1179449