Mandriva Linux Security Advisory 2014-032 - The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. The updated packages have been patched to correct this issue.
92c35daa3ec0ffbce591b7131aece7d46e2073390c92cfedbba31c1c8da90fc0