PDA

View Full Version : USN-657-1: Amarok vulnerability



rss-bot
October 21st, 2008, 02:30 PM
Referenced CVEs:
CVE-2008-3699


Description:
================================================== ========= Ubuntu Security Notice USN-657-1 October 21, 2008 amarok vulnerability CVE-2008-3699 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: amarok 2:1.4.7-0ubuntu3.1 Ubuntu 8.04 LTS: amarok 2:1.4.9.1-0ubuntu3.1 After a standard system upgrade you need to restart Amarok to effect the necessary changes. Details follow: Dwayne Litzenberger discovered that Amarok created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. (CVE-2008-3699)





More... (http://www.ubuntu.com/usn/usn-657-1)