Mageia alert MGASA-2012-0179 (rhythmbox)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2012-0179: rhythmbox-0.13.3-5.1.mga1
 (1/core), rhythmbox-2.96-1.1.mga2 (2/core) 
Date:
    	     
 
Tue, 24 Jul 2012 13:26:35 +0200
Message-ID:
    	     
 
<20120724112635.GA2851@valstar.mageia.org>

MGASA-2012-0179
Date: 	July 24th, 2012
Affected releases: 	1, 2


Description:
Updated rhythmbox packages fix security vulnerability:

Hans Spaans discovered that the Context plugin in Rhythmbox created
a temporary directory in an insecure manner. A local attacker could
exploit this to execute arbitrary code as the user invoking the program.
The Context plugin is disabled by default in Ubuntu (CVE-2012-3355).


Updated Packages:
Mageia 1:
rhythmbox-0.13.3-5.1.mga1
rhythmbox-devel-0.13.3-5.1.mga1
rhythmbox-mozilla-0.13.3-5.1.mga1
rhythmbox-upnp-0.13.3-5.1.mga1
lib(64)rhythmbox3-0.13.3-5.1.mga1

Mageia 2:
rhythmbox-2.96-1.1.mga2
rhythmbox-devel-2.96-1.1.mga2
rhythmbox-mozilla-2.96-1.1.mga2
lib(64)rhythmbox5-2.96-1.1.mga2
lib(64)rhythmbox-gir3.0-2.96-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3355
http://www.ubuntu.com/usn/usn-1503-1/
https://bugs.mageia.org/show_bug.cgi?id=6767
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...