 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:172
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : amarok
 Date    : August 15, 2008
 Affected: 2008.0, 2008.1
 _______________________________________________________________________

 Problem Description:

 A flaw in Amarok prior to 1.4.10 would allow local users to overwrite
 arbitrary files via a symlink attack on a temporary file that Amarok
 created with a predictable name (CVE-2008-3699).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
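
Added example, not part of the advisory and not Amarok's code: the bug class named under "Problem Description" (a temporary file with a predictable name, opened without exclusive creation), shown beside two hardened forms. All function names, file names and the sandbox directory are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct demo_result { int excl_errno; int random_ok; long before; long after; };
/* Weak pattern: fixed name, no O_EXCL, so an existing symlink is followed. */
static int open_predictable(const char *p) { return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600); }
/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if the name exists, symlinks included. */
static int open_exclusive(const char *p) { return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600); }
static long size_of(const char *p) { struct stat st; return stat(p, &st) == 0 ? (long)st.st_size : -1; }

/* Runs the weak open, the exclusive open and mkstemp() in a private mkdtemp() sandbox. */
struct demo_result run_demo(void) {
    struct demo_result r = { 0, 0, -1, -1 };
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", victim[64], fixed[64], rnd[64];
    if (!mkdtemp(dir)) return r;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(fixed, sizeof fixed, "%s/app-temp", dir);   /* predictable name */
    snprintf(rnd, sizeof rnd, "%s/app-XXXXXX", dir);     /* mkstemp template */
    FILE *f = fopen(victim, "w");
    if (!f) return r;
    fputs("important data\n", f);                        /* 15 bytes */
    fclose(f);
    if (symlink(victim, fixed) != 0) return r;           /* link exists before the app runs */
    int fd = open_exclusive(fixed);                      /* refused: name already taken */
    r.excl_errno = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    fd = mkstemp(rnd);                                   /* random name, created exclusively */
    r.random_ok = (fd >= 0);
    if (fd >= 0) close(fd);
    r.before = size_of(victim);
    fd = open_predictable(fixed);                        /* follows the link, truncates victim */
    if (fd >= 0) close(fd);
    r.after = size_of(victim);
    unlink(rnd); unlink(fixed); unlink(victim); rmdir(dir);
    return r;
}

int main(void) {
    struct demo_result r = run_demo();
    printf("O_EXCL errno=%d (EEXIST=%d), mkstemp ok=%d, victim %ld -> %ld bytes\n", r.excl_errno, EEXIST, r.random_ok, r.before, r.after);
    return 0;
}
```

On Linux, fs.protected_symlinks=1 additionally refuses to follow another user's symlink in a sticky world-writable directory such as /tmp; that is defence in depth and does not replace exclusive creation in the application.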