Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Jun 2012 11:04:59 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Hans Spaans <hans.spaans@...it.nl>, Josselin Mouette <joss@...ian.org>,
        Bastien Nocera <bnocera@...hat.com>
Subject: Re: CVE 2011-* Request -- rhythmbox (context plug-in):
 Insecure temporary directory use by loading template files for 'Album', 'Lyrics',
 and 'Artist' tabs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/25/2012 07:36 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> An insecure temporary directory use flaw was found in the way 
> Rhythmbox, an integrated music management application based on the 
> powerful GStreamer media framework, performed loading of HTML
> template files, used for rendering of 'Album', 'Lyrics', and
> 'Artist' tabs. Previously the '/tmp/context' directory has been
> searched as module directory when loading the HTML template files.
> A local attacker could use this flaw to conduct symbolic link
> attacks (possibly leading to attacker's ability to execute
> arbitrary HTML template file in the context of user running the
> rhythmbox executable).
> 
> Upstream bug report: [1]
> https://bugzilla.gnome.org/show_bug.cgi?id=678661
> 
> References: [2]
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673 [3]
> https://bugzilla.redhat.com/show_bug.cgi?id=835076
> 
> Please note the [2] bug has been reported / opened on: "Date: Sun,
> 06 Mar 2011 14:58:46 +0100" yet, so this should get a CVE-2011-*
> identifier. Could you allocate one?
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team

Please use CVE-2012-3355 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP6Jo6AAoJEBYNRVNeJnmTw/MQALV9lNTYVGsaGF5DDvnqSyNT
i+EqGjSphdwMqjPMrvkRt30OHF9cQrfUcw5EwMGVfBpcI/OSZzSyZKrFDoW9EVxt
c+aLx19i457Qe2cmRaWW/UYvXSadlwyKaZpM9B+aVfw+rnRW9ElV+sswkc9iTvkV
MOz5Ytf3dBD6gf9XsM8cPGG9Cp4fLnkOErU3BVEJgJWM2i3GhxzWMvWTZJLBghvM
epF4im0QR+H2UzyJ34u4tZMxJ6SXrk2vRD7UD4b4KqpL7Hs44qIaMemCDoNXx9ig
uFjQZniH+5NIzWGrsHyrRncIKemLTeZ07cVjcj5AWwrkIT8ZNd9TM9YuG1JyyXMg
HInmzY3etSYyrJNAZmoxylQ7HGeB7cKLipKjfO5RzBwMvFaZXLrxVTVeXZORqBQm
XNN7SvOj9K+HT0f92ApLqUniBmgBqF8thZYlpGaAoZ9FvPkg08nhMhZP38ozlLet
wLrbPEoq8Y0AD9bfpDfum05OgIBRO+3O/yMEG8lyd9EUfM5Fmh+BpuDYzvn98ISx
RVD2O+3A4zwsx4hQ+kioQdH5W0KHTN49Oo9it4qvVE0e9VLALNs5b2oNUKiTWhLV
sObvjNuEqEB3fxXhhBsq3YBJEJqdhRMsvGvozVzfXmDR+gQqtumm5c5kMQnElTcQ
gZmj4ULU3d9tWoWhJMRb
=dMAJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.