Date: Mon, 25 Jun 2012 15:36:57 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security@...ts.openwall.com, Hans Spaans <hans.spaans@...it.nl>, Josselin Mouette <joss@...ian.org>, Bastien Nocera <bnocera@...hat.com> Subject: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Hello Kurt, Steve, vendors, An insecure temporary directory use flaw was found in the way Rhythmbox, an integrated music management application based on the powerful GStreamer media framework, performed loading of HTML template files, used for rendering of 'Album', 'Lyrics', and 'Artist' tabs. Previously the '/tmp/context' directory has been searched as module directory when loading the HTML template files. A local attacker could use this flaw to conduct symbolic link attacks (possibly leading to attacker's ability to execute arbitrary HTML template file in the context of user running the rhythmbox executable). Upstream bug report:  https://bugzilla.gnome.org/show_bug.cgi?id=678661 References:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673  https://bugzilla.redhat.com/show_bug.cgi?id=835076 Please note the  bug has been reported / opened on: "Date: Sun, 06 Mar 2011 14:58:46 +0100" yet, so this should get a CVE-2011-* identifier. Could you allocate one? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ