Re: interesting security update to bristol just came out

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 15, 2010 at 12:39 PM, Niels Mayer wrote:
> I noticed that bristol-0.40.7-7 updated due to the following security
> update. What got me curious is what kind of security issue could
> running bristol possibly pose?? -- none on it's own, but another rogue
> package could exploit this issue ...
>

It is a minor security issue that also existed in our ardour and
tuxguitar packages, which are fixed now.

In order to exploit the security flaw, the attacker needs to have an
account on your computer, and he must have write access in one of the
common directories that you also use. There he places his malicious
"library". Then you open your command prompt and go to that directory,
you launch bristol there and boom.

This is more of a threat for public computers, and if you trust
everyone who has an account on your computer, there is nothing to
worry.

Orcan
_______________________________________________
music mailing list
music@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/music


[Index of Archives]     [Linux Audio Users]     [ALSA Users]     [Fedora Development]     [Fedora Desktop]     [Fedora Users]     [Gimp]     [Yosemite News]

  Powered by Linux