[USN-1503-1] Rhythmbox vulnerability
jamie at canonical.com
Wed Jul 11 17:59:10 UTC 2012
Ubuntu Security Notice USN-1503-1
July 11, 2012
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Rhythmbox could be made to run programs as your login when using the Context
- rhythmbox: music player and organizer for GNOME
Hans Spaans discovered that the Context plugin in Rhythmbox created a
temporary directory in an insecure manner. A local attacker could exploit
this to execute arbitrary code as the user invoking the program. The
Context plugin is disabled by default in Ubuntu.
The problem can be corrected by updating your system to the following
Ubuntu 12.04 LTS:
After a standard system update you need to restart Rhythmbox to make all
the necessary changes.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the ubuntu-security-announce