An update for festival is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2022-1589
Status: Final
Version: 1.0
Revision history: 1.0, 2022-03-22, Initial
Initial release date: 2022-03-22
Current release date: 2022-03-22
Generator: openEuler SA Tool V1.0 (2022-03-22)

Synopsis: festival security update

Description:
Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number of APIs: from shell level, through a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface.

Security Fix(es):
festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. (CVE-2010-3996)

Topic:
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: Medium
Affected component: festival

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1589
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2010-3996
https://nvd.nist.gov/vuln/detail/CVE-2010-3996

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3

Updated packages:

aarch64:
festival-1.96-44.oe1.aarch64.rpm
festival-devel-1.96-44.oe1.aarch64.rpm
festival-debuginfo-1.96-44.oe1.aarch64.rpm
festival-debugsource-1.96-44.oe1.aarch64.rpm

noarch:
festival-help-1.96-44.oe1.noarch.rpm

src:
festival-1.96-44.oe1.src.rpm

x86_64:
festival-1.96-44.oe1.x86_64.rpm
festival-devel-1.96-44.oe1.x86_64.rpm
festival-debuginfo-1.96-44.oe1.x86_64.rpm
festival-debugsource-1.96-44.oe1.x86_64.rpm

Vulnerability: CVE-2010-3996
Release date: 2022-03-22
Products affected: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Threat: Medium
CVSS base score: 7.8
CVSS vector: /AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Remediation: festival security update (2022-03-22)
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1589