Posted: Wed Dec 25, 2013 11:03 am Post subject: [ GLSA 201312-06 ] Festival: Arbitrary code execution
Gentoo Linux Security Advisory
Title: Festival: Arbitrary code execution (GLSA 201312-06)
Date: December 09, 2013
A vulnerability in Festival could result in arbitrary code
execution and privilege escalation.
Festival is a Text to Speech Engine from The Centre for Speech
Vulnerable: < 2.1
Unaffected: >= 2.1
Architectures: All supported architectures
Festival Server has an incorrect path in LD_LIBRARY_PATH, which
allows local users to place a Trojan horse shared library in the
current working directory.
A local attacker can execute a Trojan horse shared library,
potentially resulting in arbitrary code execution and privilege
There is no known workaround at this time.
All Festival users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-accessibility/festival-2.1"
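
Added example (not part of the advisory or of Festival's own code): a shell check for the kind of LD_LIBRARY_PATH mistake described above. The dynamic loader resolves an empty or relative entry against the current working directory, and a wrapper script that appends an unset variable is one common way to create such an entry. The function names and the /opt/example/lib path are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an LD_LIBRARY_PATH value for entries that the dynamic
# loader resolves against the current working directory.
# Function names and sample paths are constructed, not taken from Festival.

# audit_ld_path VALUE
# Prints one line per risky entry; returns 1 if any were found, else 0.
audit_ld_path() {
    risky=0
    # ld.so accepts ':' and ';' as separators; normalise to ':'.
    value=$(printf '%s' "$1" | tr ';' ':')
    # An empty variable defines no search path, so there is nothing to flag.
    if [ -z "$value" ]; then
        return 0
    fi
    # Sentinel ':' so that a trailing empty entry survives the split below.
    rest="$value:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '') echo "empty entry (means current working directory)"; risky=1 ;;
            /*) ;;  # absolute path: not resolved against the CWD
            *)  echo "relative entry: $entry"; risky=1 ;;
        esac
    done
    return $risky
}

# safe_prepend DIR CURRENT
# Builds "DIR:CURRENT" but omits the ':' when CURRENT is empty, so that no
# zero-length entry is created.
safe_prepend() {
    printf '%s%s\n' "$1" "${2:+:$2}"
}

# Constructed demonstration: the variable is unset before the wrapper runs.
inherited=""
weak="/opt/example/lib:$inherited"            # ends in ':' -> empty entry
fixed=$(safe_prepend /opt/example/lib "$inherited")

echo "weak  = $weak";  audit_ld_path "$weak"  || echo "  -> unsafe"
echo "fixed = $fixed"; audit_ld_path "$fixed" && echo "  -> ok"
```

The same function can be pointed at the environment of a running service by passing it the LD_LIBRARY_PATH value read from that process.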