[PlanetCCRMA] [Fedora-music-list] interesting security update to bristol just came out

Orcan Ogetbil oget.fedora at gmail.com
Mon Nov 15 11:29:29 PST 2010


On Mon, Nov 15, 2010 at 12:39 PM, Niels Mayer wrote:
> I noticed that bristol-0.40.7-7 updated due to the following security
> update. What got me curious is what kind of security issue could
> running bristol possibly pose?? -- none on its own, but another rogue
> package could exploit this issue ...
>

It is a minor security issue that also existed in our ardour and
tuxguitar packages, which are fixed now.

In order to exploit the security flaw, the attacker needs to have an
account on your computer, and he must have write access in one of the
common directories that you also use. There he places his malicious
"library". Then you open your command prompt and go to that directory,
you launch bristol there and boom.

This is more of a threat for public computers, and if you trust
everyone who has an account on your computer, there is nothing to
worry about.

Orcan
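
A library being picked up from whatever directory the program is launched in, as described in the reply above, is commonly the result of a launcher script leaving an empty entry in LD_LIBRARY_PATH, which the dynamic loader treats as the current directory. The following is an added example, not part of the original message or of the bristol package; it assumes that mechanism (the thread does not name it), and the function names and the /usr/lib64/example directory are constructed.

```shell
#!/bin/sh
# Added example: function names and sample values are constructed.

# Print every entry of a colon-separated library search path that makes the
# loader look in the current working directory: an empty entry, ".", or any
# other relative path. Returns 0 when the path is clean, 1 otherwise.
unsafe_path_entries() {
    path=$1
    [ -n "$path" ] || return 0          # empty value: no extra directories searched
    status=0
    rest=$path:                         # sentinel colon so the last entry is seen
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) ;;                                  # absolute path: fine
            '') echo "<empty>"; status=1 ;;         # "" means current directory
            *)  echo "$entry"; status=1 ;;          # "." or relative path
        esac
    done
    return $status
}

# Launcher pattern that causes the problem: with no existing value the result
# is "DIR:" and the trailing empty entry means "search the current directory".
prepend_unsafe() { printf '%s\n' "$1:$2"; }

# Hardened form: emit the separator only when there is an existing value.
prepend_safe() { printf '%s\n' "$1${2:+:$2}"; }

# Demo over constructed inputs: an unset variable and an already-set one.
dir=/usr/lib64/example
for existing in "" "/opt/lib"; do
    for fn in prepend_unsafe prepend_safe; do
        value=$($fn "$dir" "$existing")
        flagged=$(unsafe_path_entries "$value" | tr '\n' ' ')
        printf '%-15s existing=%-10s -> %-28s flagged: %s\n' \
            "$fn" "'$existing'" "$value" "${flagged:-none}"
    done
done
```

Running `unsafe_path_entries "$LD_LIBRARY_PATH"` inside a wrapper script, just before it executes the real binary, shows whether that script is affected.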


