| |||||||||||||||||||
Ubuntu alert USN-1503-1 (rhythmbox)
========================================================================== Ubuntu Security Notice USN-1503-1 July 11, 2012 rhythmbox vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 Summary: Rhythmbox could be made to run programs as your login when using the Context plugin. Software Description: - rhythmbox: music player and organizer for GNOME Details: Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: rhythmbox-plugins 2.96-0ubuntu4.1 Ubuntu 11.10: rhythmbox-plugins 2.90.1~20110908-0ubuntu1.4 After a standard system update you need to restart Rhythmbox to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1503-1 CVE-2012-3355 Package Information: https://launchpad.net/ubuntu/+source/rhythmbox/2.96-0ubun... https://launchpad.net/ubuntu/+source/rhythmbox/2.90.1~201... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|||||||||||||||||||