Mandriva Update For Amarok MDVSA-2008:172 (amarok) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name (CVE-2008-3699). The updated packages have been patched to correct this issue.

Affected

amarok on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-3699
CVSS Base Score: 3.3
AV:L/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Mandriva Update for gd MDVSA-2008:038 (gd)
Mandriva Update for openssl MDVSA-2011:136 (openssl)
Mandriva Update for avahi MDKSA-2007:185 (avahi)
Mandriva Update for findutils MDVA-2010:161 (findutils)
Mandrake Security Advisory MDVSA-2009:071 (kernel)

Mandriva Update for amarok MDVSA-2008:172 (amarok)

Take action and discover your vulnerabilities