paul Posted June 23, 2010 Report Share Posted June 23, 2010 The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file (CVE-2009-1299). This update fixes this issue. Link to comment Share on other sites More sharing options...
Recommended Posts