Public bug reported:

Binary package hint: amarok

Version 1.4.10 fixes an important security vulnerability. Hardy is still
in version 1.4.9 and should be updated to version 1.4.10 (already in
Intrepid).

http://secunia.com/advisories/31418/

Amarok "MagnatuneBrowser::listDownloadComplete()" Insecure Temporary
Files

A security issue has been reported in Amarok, which can be exploited by 
malicious, local users to perform certain actions with escalated privileges.
The security issue is caused due to the 
"MagnatuneBrowser::listDownloadComplete()" function handling temporary files in 
an insecure manner. This can be exploited via symlink attacks in combination 
with a race condition to overwrite arbitrary files with the privileges of the 
user running the application.

The security issue is reported in version 1.4.9.1. Prior versions may
also be affected.

** Affects: amarok (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Update Amarok to version 1.4.10 (in Hardy)
https://bugs.launchpad.net/bugs/271228
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
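
The bug class the advisory describes, as an added example (not Amarok's code and not part of the original report): a fixed-name temporary file opened without `O_EXCL` follows a symlink that already sits at that path, while an exclusive create refuses it. The function names, the `list.tmp` file name and the private `mkdtemp()` test directory are assumptions made for this demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern: fixed name, follows whatever already sits at that path. */
static int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: O_EXCL makes creation atomic and fails (EEXIST) if anything,
 * including a symlink, already exists; O_NOFOLLOW is defence in depth.
 * mkstemp() gives the same guarantee plus an unpredictable name. */
static int open_hardened(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
/* Returns 1 if the victim file was overwritten through the pre-existing
 * symlink, 0 if it survived intact, -1 on setup failure. */
int victim_overwritten(int hardened) {
    char dir[] = "/tmp/tmpdemo-XXXXXX";
    char victim[64], tmp[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;              /* private 0700 sandbox dir */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/list.tmp", dir);

    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, tmp) != 0) return -1;  /* constructed stale link */

    fd = hardened ? open_hardened(tmp) : open_weak(tmp);
    if (fd >= 0) { ssize_t w = write(fd, "DATA", 4); (void)w; close(fd); }

    fd = open(victim, O_RDONLY);
    ssize_t n = (fd >= 0) ? read(fd, buf, sizeof buf - 1) : -1;
    if (fd >= 0) close(fd);
    unlink(tmp); unlink(victim); rmdir(dir);
    if (n < 0) return -1;
    return strcmp(buf, "keep") != 0;
}
int main(void) {
    printf("weak: overwritten=%d\nhardened: overwritten=%d\n",
           victim_overwritten(0), victim_overwritten(1));
    return 0;
}
```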