-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 amarok (SSA:2008-241-01) New Amarok packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. In addition, new supporting libgpod packages are available for S...
New Amarok packages are available for Slackware 11.0, 12.0, 12.1, and -current
to fix security issues. In addition, new supporting libgpod packages are
available for Slackware 11.0 and 12.0, since a newer version of libgpod than
shipped with these releases is required to run Amarok version 1.4.10.
The Magnatune music library plugin made insecure use of the /tmp directory,
allowing malicious local users to overwrite files owned by the user running
Amarok through symlink attacks.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/amarok-1.4.10-i486-1_slack12.1.tgz:
Upgraded to amarok-1.4.10. This fixes a security issue in the Magnatune
online music library support which could be used by malicious local users to
overwrite system files. For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699 (* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Palit HD 3850 Super +1GB Graphics Card Review @ OCIA.net
Index