A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
cdrecord
The problem can be corrected by upgrading the affected package to version 4:2.0+a30.pre1-1ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Javier Fernández-Sanguino Peña noticed that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), this could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking cdrecord.
Please note that DEBUG is not enabled by default in Ubuntu, so if you did not explicitly enable it, this does not affect you.
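The class of bug described above, as an added C example (not cdrecord's or rscsi's own code): a debug file with a fixed name opened with plain O_CREAT follows a symbolic link already present at that path, while O_EXCL together with O_NOFOLLOW refuses it. The function names and the scratch directory are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (hypothetical helper, not cdrecord source): predictable name,
 * no O_EXCL. If a symbolic link already sits at `path`, the kernel follows
 * it and creates or appends to the link's target. */
int open_debug_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Hardened pattern: O_EXCL makes creation fail if anything (including a
 * dangling symlink) exists at `path`; O_NOFOLLOW is defence in depth. */
int open_debug_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Self-check in a private scratch directory (constructed sample paths).
 * Returns a bitmask: 1 = naive open wrote through the link,
 * 2 = hardened open refused the link, 4 = link target left untouched. */
int demo(void) {
    char dir[] = "/tmp/dbgdemo.XXXXXX", target[64], lnk[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/other-file", dir);
    snprintf(lnk, sizeof lnk, "%s/debug.log", dir);
    if (symlink(target, lnk) != 0) { rmdir(dir); return -1; }

    if ((fd = open_debug_naive(lnk)) >= 0) close(fd);
    if (stat(target, &st) == 0) result |= 1;
    unlink(target);                       /* reset for the second case */

    if ((fd = open_debug_safe(lnk)) < 0) result |= 2; else close(fd);
    if (lstat(target, &st) != 0) result |= 4;

    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}

int main(void) {
    printf("demo() = %d (7: naive followed, hardened refused)\n", demo());
    return 0;
}
```

Where the file does not need a fixed name, mkstemp() gives the same exclusive-create guarantee with an unpredictable name.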