MGASA-2012-0179
| Date: | July 24th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated rhythmbox packages fix security vulnerability:
Hans Spaans discovered that the Context plugin in Rhythmbox created
a temporary directory in an insecure manner. A local attacker could
exploit this to execute arbitrary code as the user invoking the program.
The Context plugin is disabled by default in Ubuntu (CVE-2012-3355).
Updated Packages:
Mageia 1:
rhythmbox-0.13.3-5.1.mga1
rhythmbox-devel-0.13.3-5.1.mga1
rhythmbox-mozilla-0.13.3-5.1.mga1
rhythmbox-upnp-0.13.3-5.1.mga1
lib(64)rhythmbox3-0.13.3-5.1.mga1
Mageia 2:
rhythmbox-2.96-1.1.mga2
rhythmbox-devel-2.96-1.1.mga2
rhythmbox-mozilla-2.96-1.1.mga2
lib(64)rhythmbox5-2.96-1.1.mga2
lib(64)rhythmbox-gir3.0-2.96-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3355
http://www.ubuntu.com/usn/usn-1503-1/
https://bugs.mageia.org/show_bug.cgi?id=6767
