Bug#495758: kwave has rpath to insecure location (/build/buildd/kwave-0.7.10/build/mt:/build/buildd/kwave-0.7.10/build/libgui:/build/buildd/kwave-0.7.10/build/libkwave)

[Bill Allombert]

Package: kwave
Version: 0.7.10-1.1
Severity: serious
Tags: security

Hello Bertrand,
kwave includes a binary /tmp/kwave//usr/share/apps/kwave/plugins/about
with a rpath pointing to
/build/buildd/kwave-0.7.10/build/mt:/build/buildd/kwave-0.7.10/build/libgui:/build/buildd/kwave-0.7.10/build/libkwave.

This allows an attacker with write access to that directory to
add modified libraries which will be loaded when someone
else run kwave.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]