Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: 200809-08 Moderate: Amarok Symlink Attack Risk Report

gentoo
Calendar Grey September 8, 2008
Dist Gentoo Esm H88
Enhance Amarok to mitigate symlink threat vulnerabilities stemming from inadequate temporary file management. Discover additional details today!
Amarok uses temporary files in an insecure manner, allowing for a symlink attack.

Summary

Gentoo Linux Security Advisory GLSA 200809-08 https://security.gentoo.org/ Severity: Normal Title: Amarok: Insecure temporary file creation Date: September 08, 2008 Bugs: #234689 ID: 200809-08

Synopsis ======= Amarok uses temporary files in an insecure manner, allowing for a symlink attack.
Background ========= Amarok is an advanced music player.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/amarok < 1.4.10 >= 1.4.10
========== Dwayne Litzenberger reported that the MagnatuneBrowser::listDownloadComplete() function in magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary file in an insecure manner.
Impact =...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo symlink attack insecure temporary files amarok

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo symlink attack insecure temporary files amarok

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here