[Bug 271228] [NEW] Update Amarok to version 1.4.10 (in Hardy)
feranick
feranick at hotmail.com
Wed Sep 17 07:05:00 UTC 2008
Public bug reported:
Binary package hint: amarok
Version 1.4.10 fixes an important security vulnerability. Hardy is still
in version 1.4.9 and should be updated to version 1.4.10 (already in
Intrepid).
http://secunia.com/advisories/31418/
Amarok "MagnatuneBrowser::listDownloadComplete()" Insecure Temporary
Files
A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The security issue is caused due to the "MagnatuneBrowser::listDownloadComplete()" function handling temporary files in an insecure manner. This can be exploited via symlink attacks in combination with a race condition to overwrite arbitrary files with the privileges of the user running the application.
The security issue is reported in version 1.4.9.1. Prior versions may
also be affected.
** Affects: amarok (Ubuntu)
Importance: Undecided
Status: New
--
Update Amarok to version 1.4.10 (in Hardy)
https://bugs.launchpad.net/bugs/271228
You received this bug notification because you are a member of Almost
Kubuntu Bugs, which is subscribed to amarok in ubuntu.
More information about the kubuntu-bugs
mailing list