Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 8 amarok-1.4.10 Critical Issue: Temporary File Vulnerability

fedora
Calendar Grey September 10, 2008
Dist Fedora Esm H88
Amarok 1.4.10 launched for Fedora 8 resolves temporary file vulnerability. Update today to safeguard your device.
Amarok 1.4.10 has been released to fix a security problem

Summary

Amarok is a multimedia player with:

- fresh playlist concept, very fast to use, with drag and drop

- plays all formats supported by the various engines

- audio effects, like reverb and compressor

- compatible with the .m3u and .pls formats for playlists

- nice GUI, integrates into the KDE look, but with a unique touch

Amarok can use various engines to decode sound : helix and xine.

To use the helix engine, you need to install either HelixPlayer

or RealPlayer

Update Information:

Amarok 1.4.10 has been released to fix a security problem. For more information please see Please update.

Topics%20covered

Topics Covered

security advisory critical issue fedora temporary file amarok

Change Log

* Wed Aug 13 2008 Rex Dieter - 1.4.10-1 - amarok-1.4.10 * Wed Jun 11 2008 Dennis Gilmore - 1.4.9.1-4 - we are building sparc32 as sparcv9 not sparc now fix ifnarch * Fri May 2 2008 Rex Dieter - 1.4.9.1-3 - fix libnjb support (#444940) * Thu May 1 2008 Rex Dieter - 1.4.9.1-2.1 - --with-libvisual fedora-only (epel misses libvisual-plugins) * Thu Apr 17 2008 Rex Dieter - 1.4.9.1-2 - specfile typo (unclosed macro) * Tue Apr 15 2008 Rex Dieter - 1.4.9.1-1 - amarok-1.4.9.1 * Wed Mar 12 2008 Rex Dieter - 1.4.8-5 - -konqueror: drop Obsoletes: %name < 1.4.8-4 , which breaks multilib upgrades (#436578) * Thu Feb 21 2008 Rex Dieter - 1.4.8-4 - -konqueror subpkg (#426803) - fix multiarch conflicts (#340641) drop Provides: amarok-devel (f9+), add Obsoletes: amarok-devel - gcc43 patch (#433904) * Mon Feb 18 2008 Fedora Release Engineering - 1.4.8-3 - Autorebuild for GCC 4.3 * Wed Jan 9 2008 Rex Dieter 1.4.8-2 - f9+: don't build/include konq(3) side bar support * Thu Dec 20 2007 Rex Dieter 1.4.8-1 - amarok-1.4.8 * Fri Dec 7 2007 Alex Lancaster 1.4.7-14 - Rebuild for new openssl * Thu Nov 29 2007 Rex Dieter 1.4.7-13 - fix --with-mp4v2 handling (#346011#c5,6) * Thu Nov 29 2007 Rex Dieter 1.4.7-12 - --with-mp4v2 (#346011#c3) - fix asf/wma support (rh#346011,kde#151733) * Wed Nov 21 2007 Rex Dieter 1.4.7-11 - dynamic mode floods playlist ... (kde #148317) * Wed Nov 21 2007 Todd Zullinger 1.4.7-10 - rebuild for libgpod-0.6.0 * Tue Nov 20 2007 Rex Dieter 1.4.7-9 - cosmetics (cleanup/sort BR's mostly) - omit "for KDE" from summary/description - make gst support toggled by macro (disabled by default) * Sat Nov 10 2007 Aurelien Bompard 1.4.7-8 - rebuild

References


[ 1 ] Bug #459135 - CVE-2008-3699 amarok: temporary file vulnerability via symlink attacks (priv esc) https://bugzilla.redhat.com/show_bug.cgi?id=459135

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update amarok' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: amarok
Product: Fedora 8
Version: 1.4.10
Release: 1.fc8
URL: https://amarok.kde.org/
Summary: Media player

Topics%20covered

Topics Covered

security advisory critical issue fedora temporary file amarok

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here