Message-Id: <E1KU7FA-0005Z8-El@titan.mandriva.com>
Date: Fri, 15 Aug 2008 15:54:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:172 ] amarok
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:172
http://www.mandriva.com/security/
_______________________________________________________________________
Package : amarok
Date : August 15, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________
Problem Description:
A flaw in Amarok prior to 1.4.10 would allow local users to overwrite
arbitrary files via a symlink attack on a temporary file that Amarok
created with a predictable name (CVE-2008-3699).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
Mandriva Linux 2008.0/X86_64:
Mandriva Linux 2008.1:
Mandriva Linux 2008.1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIpc66mqjQ0CJFipgRAs8UAJ9zaZ2Q2gNIZIH2QjEkb24qy/p75wCfdjI9
6ws9cZQ3VJO2BMZpRcO+NGY=
=uJ0s
-----END PGP SIGNATURE-----