- ------------------------------------------------------------ Arch Linux Security Warning ALSW 2007-#15 - ------------------------------------------------------------
Name: amarok-base Date: 2007-03-14 Severity: Low Warning #: 2007-#15 - ------------------------------------------------------------ Product Background =================== Amarok is an advanced music player. Problem Background =================== The Magnatune component shipped with Amarok is vulnerable to the injection of arbitrary shell code from a malicious Magnatune server. Impact ========== A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user running Amarok on a client that have previously registered for buying music. Workaround ========== Do not use the Magnatune component of Amarok. Problem Packages =================== Package: amarok-base Repo: extra Group: multimedia Unsafe: <= 1.4.5-2 Safe: Only patched Package Fix =================== Upgrade to amarok 1.4.5-5 <http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/amarok/files/amarok-1.4.5-magnatune.patch> ==================== Unofficial ArchLinux Security Bug Tracker: http://jjdanimoth.netsons.org/alsw.html Reference(s) =================== http://secunia.com/advisories/24159 CVE-2006-6979
signature.asc
Description: OpenPGP digital signature
_______________________________________________ arch mailing list [email protected] http://archlinux.org/mailman/listinfo/arch
