Stay Vigilant with Timely Linux Security Advisories

Refine advisories

X Clear Filters

Critical (4)

Dovecot (141)

debian (8034)

denial of service (18299)

important (27751)

information leak (1384)

security advisory (114945)

critical (18622)

gsasl (5)

security update (9017)

SuSE (3977)

Debian (1)

Fedora (3)

Gentoo (3)

Published Date Range

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

bottom 200

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

We found -2 articles for you...

security advisorygentooarbitrary code execution

Gentoo: GLSA-200903-34 Normal: Amarok User Code Execution Threat

Multiple vulnerabilities in Amarok might allow for user-assisted execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Amarok: User-assisted execution of arbitrary code Date: March 20, 2009 Bugs: #254896 ID: 200903-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities in Amarok might allow for user-assisted execution of arbitrary code. Background ========= Amarok is an advanced music player. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/amarok < 1.4.10-r2 > = 1.4.10-r2 Description ========== Tobias Klein has discovered multiple vulnerabilities in Amarok: * Multiple integer overflows in the Audible::Tag::readTag() function in metadata/audible/audibletag.cpp trigger heap-based buffer overflows (CVE-2009-0135). * Multiple array index errors in the Audible::Tag::readTag() function in metadata/audible/audibletag.cpp can lead to invalid pointer dereferences, or the writing of a 0x00 byte to an arbitrary memory location after an allocation failure (CVE-2009-0136). Impact ===== A remote attacker could entice a user to open a specially crafted Audible Audio (.aa) file with a large "nlen" or "vlen" tag value to execute arbitrary code or cause a Denial of Service. Workaround ========= There is no known workaround at this time. Resolution ========= All Amarok users should upgrade to the latest version: # emerge--sync # emerge --ask --oneshot --verbose "> =media-sound/amarok-1.4.10-r2" References ========= [ 1 ] CVE-2009-0135 https://www.cve.org/CVERecord?id=CVE-2009-0135 [ 2 ] CVE-2009-0136 https://www.cve.org/CVERecord?id=CVE-2009-0136 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200903-34 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Recent Amarok exploits may enable unauthorized code execution within Gentoo systems. Recommended to update promptly for enhanced protection.. Amarok Security Advisory,Gentoo Security Issues,User-Assisted Code Execution. . LinuxSecurity.com Team

Mar 20, 2009 Gentoo

security advisoryupdatebuffer overflow

Fedora 9: 2009-0715 Critical Advisory for Amarok Buffer Overflow

This build includes a security fix concerning the parsing of malformed Audible digital audio files.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0715 2009-01-21 20:33:27 --------------------------------------------------------------------------------Name : amarok Product : Fedora 9 Version : 1.4.10 Release : 2.fc9 URL : https://amarok.kde.org/ Summary : Media player Description : Amarok is a multimedia player with: - fresh playlist concept, very fast to use, with drag and drop - plays all formats supported by the various engines - audio effects, like reverb and compressor - compatible with the .m3u and .pls formats for playlists - nice GUI, integrates into the KDE look, but with a unique touch Amarok can use various engines to decode sound : helix and xine. To use the helix engine, you need to install either HelixPlayer or RealPlayer --------------------------------------------------------------------------------Update Information: This build includes a security fix concerning the parsing of malformed Audible digital audio files. --------------------------------------------------------------------------------ChangeLog: * Mon Jan 12 2009 Rex Dieter - 1.4.10-2 - backport security patch * Wed Aug 13 2008 Rex Dieter - 1.4.10-1 - amarok-1.4.10 * Wed Jun 11 2008 Dennis Gilmore - 1.4.9.1-4 - we are building sparc32 as sparcv9 not sparc now fix ifnarch * Fri May 2 2008 Rex Dieter - 1.4.9.1-3 - fix libnjb support (#444940) * Thu May 1 2008 Rex Dieter - 1.4.9.1-2.1 - --with-libvisual fedora-only (epel misses libvisual-plugins) * Thu Apr 17 2008 Rex Dieter - 1.4.9.1-2 - specfile typo (unclosed macro) * Tue Apr 15 2008 Rex Dieter - 1.4.9.1-1 - amarok-1.4.9.1 --------------------------------------------------------------------------------References: [ 1 ] Bug #479560 - amarok: multiple buffer overflows when parsing Audible .aa files https://bugzilla.redhat.com/show_bug.cgi?id=479560 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update amarok' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The latest Amarok patch resolves a critical buffer overflow issue in the processing of Audible files for Fedora 9 users. Keep your system protected!. Amarok Update,Fedora 9 Security Patch,Audio File Security,Bug Fix. . Severity: Critical. LinuxSecurity.com Team

Jan 22, 2009 •Critical Fedora

security advisorycriticaldebian

Debian 4.0: DSA-1706-1 Critical: Amarok Arbitrary Code Execution

Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1706-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff January 15, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : amarok Vulnerability : integer overflows Problem type : local(remote) Debian-specific: no CVE Id(s) : not assigned yet Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.4.4-4etch1. Updated packages for sparc and arm will be provided later. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 1.4.10-2. We recommend that you upgrade your amarok packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Stable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390. Source archives: Size/MD5 checksum: 17628566 0adbbd8373da2198b80e509618a2dab9 Size/MD5 checksum: 42402 c29b0538c033ededacc6d31339d17700 Size/MD5 checksum: 986f8e80af55fbd8386e6b13b0b12d798f4 alpha architecture (DEC Alpha) Size/MD5 checksum: 70238 16f3f3c09abb731a18a3dc48c473de6b Size/MD5 checksum: 129504 287d891eceb758b606dca22be1c00373 Size/MD5 checksum: 17689706 f50edbcb0ecf4e4b9eb3c7bfcccdab16 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 69932 7fa4c35fe5ec1bf5c3622beaadfd9d55 Size/MD5 checksum: 17559012 516c270247fbb4470ec5d453edd45240 Size/MD5 checksum: 126688 f4dc3d7e22c5716df018e1d198756523 hppa architecture (HP PA RISC) Size/MD5 checksum: 70028 ee3d6e27e1bb5412a729cda758bb4c79 Size/MD5 checksum: 17799030 a9ab6605a349108354a1c3642b3e017b Size/MD5 checksum: 133110 025ed372785d76ee8489debf6ec06b59 i386 architecture (Intel ia32) Size/MD5 checksum: 122606 af13d7d1948840398e2e0865c002f1be Size/MD5 checksum: 69978 d9e962dbb56755409c73e1d29d76e8ca Size/MD5 checksum: 17426752 7e3dd482184056066d73844fea495000 ia64 architecture (Intel ia64) Size/MD5 checksum: 69978 eaeea421c5d986247d68b24fa43645b4 Size/MD5 checksum: 143310 55bcb806b1ed036e0b1bf1e14cab97d1 Size/MD5 checksum: 18256184 8ee9cdea2583aa0efdd577a91ccb1037 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 69978 2e39ff39e8a9ef544f4f9e3d00c4708e Size/MD5 checksum: 118582 956b27a45db711471b8a1647a7e13893 Size/MD5 checksum: 17189438 a0cd5cbf3e68a9a481cbd42a13d0c717 mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 118316 73af2daa439ee61d07781f42fbb9bdf2 Size/MD5 checksum: 69976 084e0fabd90d5dcbc3cdaf7727a8e7c9 Size/MD5 checksum: 17131354 d5a809e1e78f60ffb91ed99e697dbc13 powerpc architecture (PowerPC) Size/MD5 checksum: 17423852 1c2428cbb97b045f3880538db423e6f4 Size/MD5 checksum: 123234 224605d1f56406132ab7acc9314301c0 Size/MD5 checksum: 69978 6d0d183ed614b4627fb306aeec628b72 s390 architecture (IBM S/390) Size/MD5 checksum: 69974 300b343297ec84c5520052014d237df6 Size/MD5checksum: 125914 48ca5f8f754297d200c4d87d69d6c345 Size/MD5 checksum: 17480270 865a5a65b3c5ad28858d7c7538f0bbc7 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Integer overflow vulnerabilities in Amarok could permit the execution of unauthorized code. Debian users are advised to upgrade.. Debian Amarok Integer Overflow Issue, Amarok Security Update, Media Player Threat. . Severity: Critical. LinuxSecurity.com Team

Jan 15, 2009 •Critical Debian

security advisoryfedorasoftware upgrade

Fedora 10: FEDORA-2009-0723 Critical: Amarok Buffer Overflow

An update to the latest release, includes new features such as queuing, playlist search and filtering as well as "stop after current track". And, long awaited and finally available: sorting the collection by composer. Also includes a security fix concerning the parsing of malformed Audible digital audio files. For further details, see . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0550 2009-01-14 23:38:39 --------------------------------------------------------------------------------Name : amarok Product : Fedora 10 Version : 2.0.1.1 Release : 1.fc10 URL : https://amarok.kde.org/ Summary : Media player Description : Amarok is a multimedia player with: - fresh playlist concept, very fast to use, with drag and drop - plays all formats supported by the various engines - audio effects, like reverb and compressor - compatible with the .m3u and .pls formats for playlists - nice GUI, integrates into the KDE look, but with a unique touch --------------------------------------------------------------------------------Update Information: An update to the latest release, includes new features such as queuing, playlist search and filtering as well as "stop after current track". And, long awaited and finally available: sorting the collection by composer. Also includes a security fix concerning the parsing of malformed Audible digital audio files. For further details, see --------------------------------------------------------------------------------ChangeLog: * Fri Jan 9 2009 Rex Dieter - 2.0.1.1-1 - amarok-2.0.1.1 * Tue Jan 6 2009 Rex Dieter - 2.0.1-1 - amarok-2.0.1 * Tue Dec 9 2008 Rex Dieter - 2.0-2 - respin tarball * Fri Dec 5 2008 Rex Dieter - 2.0-1 - amarok-2.0 (final, first cut) * Fri Nov 21 2008 Rex Dieter - 1.98-1 - amarok-1.98 (2rc1) --------------------------------------------------------------------------------References: [ 1 ] Bug#479560 - amarok: multiple buffer overflows when parsing Audible .aa files https://bugzilla.redhat.com/show_bug.cgi?id=479560 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update amarok' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Ubuntu 22.04 VLC upgrade improves functionality and resolves vulnerabilities in media file handling.. Amarok Security, Fedora Update, Audio Player Patch. . Severity: Critical. LinuxSecurity.com Team

Jan 14, 2009 •Critical Fedora

security advisorycritical issuefedora

Fedora 8 amarok-1.4.10 Critical Issue: Temporary File Vulnerability

Amarok 1.4.10 has been released to fix a security problem. For more information please see Please update.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-7719 2008-09-05 11:03:20 -------------------------------------------------------------------------------- Name : amarok Product : Fedora 8 Version : 1.4.10 Release : 1.fc8 URL : https://amarok.kde.org/ Summary : Media player Description : Amarok is a multimedia player with: - fresh playlist concept, very fast to use, with drag and drop - plays all formats supported by the various engines - audio effects, like reverb and compressor - compatible with the .m3u and .pls formats for playlists - nice GUI, integrates into the KDE look, but with a unique touch Amarok can use various engines to decode sound : helix and xine. To use the helix engine, you need to install either HelixPlayer or RealPlayer -------------------------------------------------------------------------------- Update Information: Amarok 1.4.10 has been released to fix a security problem. For more information please see Please update. -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 13 2008 Rex Dieter - 1.4.10-1 - amarok-1.4.10 * Wed Jun 11 2008 Dennis Gilmore - 1.4.9.1-4 - we are building sparc32 as sparcv9 not sparc now fix ifnarch * Fri May 2 2008 Rex Dieter - 1.4.9.1-3 - fix libnjb support (#444940) * Thu May 1 2008 Rex Dieter - 1.4.9.1-2.1 - --with-libvisual fedora-only (epel misses libvisual-plugins) * Thu Apr 17 2008 Rex Dieter - 1.4.9.1-2 - specfile typo (unclosed macro) * Tue Apr 15 2008 Rex Dieter - 1.4.9.1-1 - amarok-1.4.9.1 * Wed Mar 12 2008 Rex Dieter - 1.4.8-5 - -konqueror: drop Obsoletes: %name < 1.4.8-4 , which breaks multilib upgrades (#436578) * Thu Feb 21 2008 Rex Dieter - 1.4.8-4 - -konqueror subpkg (#426803) - fix multiarch conflicts (#340641) drop Provides: amarok-devel (f9+), addObsoletes: amarok-devel - gcc43 patch (#433904) * Mon Feb 18 2008 Fedora Release Engineering - 1.4.8-3 - Autorebuild for GCC 4.3 * Wed Jan 9 2008 Rex Dieter 1.4.8-2 - f9+: don't build/include konq(3) side bar support * Thu Dec 20 2007 Rex Dieter 1.4.8-1 - amarok-1.4.8 * Fri Dec 7 2007 Alex Lancaster 1.4.7-14 - Rebuild for new openssl * Thu Nov 29 2007 Rex Dieter 1.4.7-13 - fix --with-mp4v2 handling (#346011#c5,6) * Thu Nov 29 2007 Rex Dieter 1.4.7-12 - --with-mp4v2 (#346011#c3) - fix asf/wma support (rh#346011,kde#151733) * Wed Nov 21 2007 Rex Dieter 1.4.7-11 - dynamic mode floods playlist ... (kde #148317) * Wed Nov 21 2007 Todd Zullinger 1.4.7-10 - rebuild for libgpod-0.6.0 * Tue Nov 20 2007 Rex Dieter 1.4.7-9 - cosmetics (cleanup/sort BR's mostly) - omit "for KDE" from summary/description - make gst support toggled by macro (disabled by default) * Sat Nov 10 2007 Aurelien Bompard 1.4.7-8 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #459135 - CVE-2008-3699 amarok: temporary file vulnerability via symlink attacks (priv esc) https://bugzilla.redhat.com/show_bug.cgi?id=459135 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update amarok' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Amarok 1.4.10 launched for Fedora 8 resolves temporary file vulnerability. Update today to safeguard your device.. Amarok Update, FedoraSecurity Patch, File Attack Risk. . Severity: Critical. LinuxSecurity.com Team

Sep 10, 2008 •Critical Fedora

security advisorygentoosymlink attack

Gentoo: 200809-08 Moderate: Amarok Symlink Attack Risk Report

Amarok uses temporary files in an insecure manner, allowing for a symlink attack.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Amarok: Insecure temporary file creation Date: September 08, 2008 Bugs: #234689 ID: 200809-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Amarok uses temporary files in an insecure manner, allowing for a symlink attack. Background ========= Amarok is an advanced music player. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/amarok < 1.4.10 > = 1.4.10 Description ========== Dwayne Litzenberger reported that the MagnatuneBrowser::listDownloadComplete() function in magnatunebrowser/magnatunebrowser.cpp uses the album_info.xml temporary file in an insecure manner. Impact ===== A local attacker could perform a symlink attack to overwrite arbitrary files on the system with the privileges of the user running the application. Workaround ========= There is no known workaround at this time. Resolution ========= All Amarok users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-sound/amarok-1.4.10" References ========= [ 1 ] CVE-2008-3699 https://www.cve.org/CVERecord?id=CVE-2008-3699 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200809-08 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Enhance Amarok to mitigate symlink threat vulnerabilities stemming from inadequate temporary file management. Discover additional details today!. Amarok Symlink Attack, Insecure File Handling, Gentoo Security Advisory. . LinuxSecurity.com Team

Sep 08, 2008 Gentoo

security advisorysoftware updateremote execution

Gentoo: 200703-11 Normal Severity: Amarok Remote Execution of Code

The Magnatune component shipped with Amarok is vulnerable to the injection of arbitrary shell code from a malicious Magnatune server.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200703-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Amarok: User-assisted remote execution of arbitrary code Date: March 13, 2007 Bugs: #166901 ID: 200703-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= The Magnatune component shipped with Amarok is vulnerable to the injection of arbitrary shell code from a malicious Magnatune server. Background ========= Amarok is an advanced music player. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-sound/amarok < 1.4.5-r1 > = 1.4.5-r1 Description ========== The Magnatune downloader doesn't quote the "m_currentAlbumFileName" parameter while calling the "unzip" shell command. Impact ===== A compromised or malicious Magnatune server can remotely execute arbitrary shell code with the rights of the user running Amarok on a client that have previously registered for buying music. Workaround ========= Do not use the Magnatune component of Amarok. Resolution ========= All Amarok users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-sound/amarok-1.4.5-r1" References ========= [ 1 ] SA24159 https://www.flexera.com/products/security/software-vulnerability-research/secunia-research Availability =========== This GLSA and any updates to it areavailable for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200703-11 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Debian Security Advisory DSA-2023-12 outlines a potential exploit within GIMP that could allow for arbitrary file manipulation. Immediate measures are required!. amarok vulnerability,magnatune component,remote code execution,gentoo security advisory. . LinuxSecurity.com Team

Mar 14, 2007 Gentoo

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

bottom 200

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Gentoo: GLSA-200903-34 Normal: Amarok User Code Execution Threat

Fedora 9: 2009-0715 Critical Advisory for Amarok Buffer Overflow

Debian 4.0: DSA-1706-1 Critical: Amarok Arbitrary Code Execution

Fedora 10: FEDORA-2009-0723 Critical: Amarok Buffer Overflow

Fedora 8 amarok-1.4.10 Critical Issue: Temporary File Vulnerability

Gentoo: 200809-08 Moderate: Amarok Symlink Attack Risk Report

Gentoo: 200703-11 Normal Severity: Amarok Remote Execution of Code

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!