Friday, August 29, 2008

Security Update: Amarok

This is a bit late for -Current users, but it may be useful for those who don't play with fire on -Current and stick with the -Stable tree. Amarok has just been upgraded to 1.4.10 because the Magnatune music library plugin made insecure use of the /tmp directory, allowing malicious local users to overwrite files owned by the user running Amarok through symlink attacks. This was fixed in 1.4.10, so please go get it now, especially if you are using Magnatune. Here's the latest entry from the -Stable tree:
Thu Aug 28 22:48:16 CDT 2008
patches/packages/amarok-1.4.10-i486-1_slack12.1.tgz:
Upgraded to amarok-1.4.10. This fixes a security issue in the Magnatune online music library support which could be used by malicious local users to overwrite system files. For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
(* Security fix *)
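
The class of bug described above, shown as an added example (not Amarok's code and not part of the original post): a fixed file name opened in a temp directory follows a symlink that is already there, while `O_EXCL | O_NOFOLLOW` or `mkstemp()` does not. The file names and the scratch directory are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: fixed name in a shared directory; open() follows a symlink planted there. */
static int open_predictable(const char *p) { return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600); }
/* Hardened: succeed only if this call creates the file; a pre-existing link gives EEXIST. */
static int open_exclusive(const char *p) { return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); }
static long size_of(const char *p) { struct stat st; return stat(p, &st) == 0 ? (long)st.st_size : -1; }

/* Runs a constructed scenario in a private scratch directory and returns a bitmask:
 * 1 = exclusive open refused the link, 2 = mkstemp() made a fresh regular file,
 * 4 = the unsafe open truncated the file the link pointed to. */
int run_demo(void) {
    char dir[] = "/tmp/symlink-demo.XXXXXX", target[128], lnk[128], uniq[128];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important.txt", dir); /* stands in for a user's file */
    snprintf(lnk, sizeof lnk, "%s/album_info.html", dir);     /* hypothetical fixed temp name */
    snprintf(uniq, sizeof uniq, "%s/album_info.XXXXXX", dir); /* template for mkstemp() */

    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep me\n", 8) != 8) return -1;
    close(fd);
    if (symlink(target, lnk) != 0) return -1;                 /* link exists before the app runs */

    fd = open_exclusive(lnk);
    if (fd < 0 && errno == EEXIST && size_of(target) == 8) result |= 1;
    if (fd >= 0) close(fd);

    fd = mkstemp(uniq);                                       /* random name, O_EXCL, mode 0600 */
    if (fd >= 0 && lstat(uniq, &st) == 0 && S_ISREG(st.st_mode) && size_of(target) == 8) result |= 2;
    if (fd >= 0) close(fd);

    fd = open_predictable(lnk);                               /* follows the link, truncates target */
    if (fd >= 0 && size_of(target) == 0) result |= 4;
    if (fd >= 0) close(fd);

    unlink(uniq); unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```

The demo runs inside its own `mkdtemp()` directory, so nothing outside that directory is touched and the directory is removed afterwards.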