Package name
amarok
Date
2008-08-15
Advisory ID
MDVSA-2008:172
Affected versions
2008.1 i586 , 2008.1 x86_64 , 2008.0 i586 , 2008.0 x86_64

Problem description

A flaw in Amarok prior to 1.4.10 would allow local users to overwrite
arbitrary files via a symlink attack on a temporary file that Amarok
created with a predictable name (CVE-2008-3699).

The updated packages have been patched to correct this issue.

Updated packages

2008.1 i586

 35bb66001f0a6efb796d476b1ba35098  2008.1/i586/amarok-1.4.8-12.1mdv2008.1.i586.rpm
 39f5f1cba6d2a2dd347e2004eb37b6b6  2008.1/i586/amarok-engine-void-1.4.8-12.1mdv2008.1.i586.rpm
 b54d096ed180078cc0adbf13ee9c1234  2008.1/i586/amarok-engine-xine-1.4.8-12.1mdv2008.1.i586.rpm
 c47c5274f6419497e83b9d9e129f0cee  2008.1/i586/amarok-engine-yauap-1.4.8-12.1mdv2008.1.i586.rpm
 f710c717a6bb71e445671688edca63c7  2008.1/i586/amarok-scripts-1.4.8-12.1mdv2008.1.i586.rpm
 d07c5193757104a086c798bd4acfa1ff  2008.1/i586/libamarok0-1.4.8-12.1mdv2008.1.i586.rpm
 0886969d0cf8a00a24ec3767f7e26d52  2008.1/i586/libamarok0-scripts-1.4.8-12.1mdv2008.1.i586.rpm
 b448749b86d31cce3fe37803a6d76955  2008.1/i586/libamarok-devel-1.4.8-12.1mdv2008.1.i586.rpm
 00b6a0c87044ad127837dd6b0eaaaf05  2008.1/i586/libamarok-scripts-devel-1.4.8-12.1mdv2008.1.i586.rpm 
 d98786eee09881cdaa238f00e29e7c48  2008.1/SRPMS/amarok-1.4.8-12.1mdv2008.1.src.rpm

2008.1 x86_64

 4c90ca190be22b80aa57df40a054fb22  2008.1/x86_64/amarok-1.4.8-12.1mdv2008.1.x86_64.rpm
 1a3c01858fcfbd321f65b8140252fa3e  2008.1/x86_64/amarok-engine-void-1.4.8-12.1mdv2008.1.x86_64.rpm
 d62f9425e5917415066c16f170b9f079  2008.1/x86_64/amarok-engine-xine-1.4.8-12.1mdv2008.1.x86_64.rpm
 d4ff899bf669f9f676df2e6b809f2fc8  2008.1/x86_64/amarok-engine-yauap-1.4.8-12.1mdv2008.1.x86_64.rpm
 35a26a4ee0d82eaa8e52436dcf1bfaa9  2008.1/x86_64/amarok-scripts-1.4.8-12.1mdv2008.1.x86_64.rpm
 9738454dec262ef9d19c93e7e78328c8  2008.1/x86_64/lib64amarok0-1.4.8-12.1mdv2008.1.x86_64.rpm
 93414b3bd1d5b12a6cdb8fc48091785b  2008.1/x86_64/lib64amarok0-scripts-1.4.8-12.1mdv2008.1.x86_64.rpm
 a11bccff3c601e5d2f3a8501c72e709f  2008.1/x86_64/lib64amarok-devel-1.4.8-12.1mdv2008.1.x86_64.rpm
 ec100b8483103dc815b52b3f546df167  2008.1/x86_64/lib64amarok-scripts-devel-1.4.8-12.1mdv2008.1.x86_64.rpm 
 d98786eee09881cdaa238f00e29e7c48  2008.1/SRPMS/amarok-1.4.8-12.1mdv2008.1.src.rpm

2008.0 i586

 add9881887c5e33288947a836ea829f7  2008.0/i586/amarok-1.4.7-9.1mdv2008.0.i586.rpm
 6cb1913a6bc874ea77a25d76521e39a8  2008.0/i586/amarok-engine-xine-1.4.7-9.1mdv2008.0.i586.rpm
 66b1e073cc975872fb15e1d674462d6e  2008.0/i586/amarok-scripts-1.4.7-9.1mdv2008.0.i586.rpm
 9decca6e5825541b00c7942340308065  2008.0/i586/libamarok0-1.4.7-9.1mdv2008.0.i586.rpm
 f52da39d55c1ad5a475e14a7f4a42d11  2008.0/i586/libamarok0-scripts-1.4.7-9.1mdv2008.0.i586.rpm
 130e958096e23249244e7e2ff02aa1f6  2008.0/i586/libamarok-devel-1.4.7-9.1mdv2008.0.i586.rpm
 8d5dd406aa2cb0a56e922f8ff7d9ea34  2008.0/i586/libamarok-scripts-devel-1.4.7-9.1mdv2008.0.i586.rpm 
 36da208a1bb60169c8b721bfc9d38f15  2008.0/SRPMS/amarok-1.4.7-9.1mdv2008.0.src.rpm

2008.0 x86_64

 c01e9b41a520a3a65398866daca707cf  2008.0/x86_64/amarok-1.4.7-9.1mdv2008.0.x86_64.rpm
 b300777e4a9db10814ba3a920ce690d0  2008.0/x86_64/amarok-engine-xine-1.4.7-9.1mdv2008.0.x86_64.rpm
 c24609bda65290240c8689b2863de9cb  2008.0/x86_64/amarok-scripts-1.4.7-9.1mdv2008.0.x86_64.rpm
 eb04320a5d103aef042f29ed9731ac8b  2008.0/x86_64/lib64amarok0-1.4.7-9.1mdv2008.0.x86_64.rpm
 c71f5eda86c58ad9bd78bebc06b63f01  2008.0/x86_64/lib64amarok0-scripts-1.4.7-9.1mdv2008.0.x86_64.rpm
 df9206ff03dad2f1b2e3ce40e1cc190d  2008.0/x86_64/lib64amarok-devel-1.4.7-9.1mdv2008.0.x86_64.rpm
 a9a45984a13f545e828c957e98ca2051  2008.0/x86_64/lib64amarok-scripts-devel-1.4.7-9.1mdv2008.0.x86_64.rpm 
 36da208a1bb60169c8b721bfc9d38f15  2008.0/SRPMS/amarok-1.4.7-9.1mdv2008.0.src.rpm

References