An update for festival is now available for openEuler-22.03-LTS

Security Advisory openEuler-SA-2022-2087
Contact: openeuler-security@openeuler.org (openEuler security committee)
Status: Final, version 1.0
Revision 1.0, 2022-11-11: Initial
openEuler SA Tool V1.0, 2022-11-11

festival security update

Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number of APIs: from shell level, through a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface.

Security Fix(es):

festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. (CVE-2010-3996)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: festival

References:
    https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2087
    https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2010-3996
    https://nvd.nist.gov/vuln/detail/CVE-2010-3996

Packages for openEuler-22.03-LTS:
    festival-debuginfo-1.96-45.oe2203.aarch64.rpm
    festival-1.96-45.oe2203.aarch64.rpm
    festival-devel-1.96-45.oe2203.aarch64.rpm
    festival-debugsource-1.96-45.oe2203.aarch64.rpm
    festival-help-1.96-45.oe2203.noarch.rpm
    festival-1.96-45.oe2203.src.rpm
    festival-debuginfo-1.96-45.oe2203.x86_64.rpm
    festival-1.96-45.oe2203.x86_64.rpm
    festival-debugsource-1.96-45.oe2203.x86_64.rpm
    festival-devel-1.96-45.oe2203.x86_64.rpm

CVE-2010-3996 (2022-11-11)
Affected product: openEuler-22.03-LTS
Severity: High
CVSS base score: 7.8
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
festival security update, 2022-11-11: https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2087