Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Jun 2012 11:04:59 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Hans Spaans <hans.spaans@...it.nl>, Josselin Mouette <joss@...ian.org>,
        Bastien Nocera <bnocera@...hat.com>
Subject: Re: CVE 2011-* Request -- rhythmbox (context plug-in):
 Insecure temporary directory use by loading template files for 'Album', 'Lyrics',
 and 'Artist' tabs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/25/2012 07:36 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> An insecure temporary directory use flaw was found in the way 
> Rhythmbox, an integrated music management application based on the 
> powerful GStreamer media framework, performed loading of HTML
> template files, used for rendering of 'Album', 'Lyrics', and
> 'Artist' tabs. Previously the '/tmp/context' directory has been
> searched as module directory when loading the HTML template files.
> A local attacker could use this flaw to conduct symbolic link
> attacks (possibly leading to attacker's ability to execute
> arbitrary HTML template file in the context of user running the
> rhythmbox executable).
> 
> Upstream bug report: [1]
> https://bugzilla.gnome.org/show_bug.cgi?id=678661
> 
> References: [2]
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673 [3]
> https://bugzilla.redhat.com/show_bug.cgi?id=835076
> 
> Please note the [2] bug has been reported / opened on: "Date: Sun,
> 06 Mar 2011 14:58:46 +0100" yet, so this should get a CVE-2011-*
> identifier. Could you allocate one?
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team

Please use CVE-2012-3355 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP6Jo6AAoJEBYNRVNeJnmTw/MQALV9lNTYVGsaGF5DDvnqSyNT
i+EqGjSphdwMqjPMrvkRt30OHF9cQrfUcw5EwMGVfBpcI/OSZzSyZKrFDoW9EVxt
c+aLx19i457Qe2cmRaWW/UYvXSadlwyKaZpM9B+aVfw+rnRW9ElV+sswkc9iTvkV
MOz5Ytf3dBD6gf9XsM8cPGG9Cp4fLnkOErU3BVEJgJWM2i3GhxzWMvWTZJLBghvM
epF4im0QR+H2UzyJ34u4tZMxJ6SXrk2vRD7UD4b4KqpL7Hs44qIaMemCDoNXx9ig
uFjQZniH+5NIzWGrsHyrRncIKemLTeZ07cVjcj5AWwrkIT8ZNd9TM9YuG1JyyXMg
HInmzY3etSYyrJNAZmoxylQ7HGeB7cKLipKjfO5RzBwMvFaZXLrxVTVeXZORqBQm
XNN7SvOj9K+HT0f92ApLqUniBmgBqF8thZYlpGaAoZ9FvPkg08nhMhZP38ozlLet
wLrbPEoq8Y0AD9bfpDfum05OgIBRO+3O/yMEG8lyd9EUfM5Fmh+BpuDYzvn98ISx
RVD2O+3A4zwsx4hQ+kioQdH5W0KHTN49Oo9it4qvVE0e9VLALNs5b2oNUKiTWhLV
sObvjNuEqEB3fxXhhBsq3YBJEJqdhRMsvGvozVzfXmDR+gQqtumm5c5kMQnElTcQ
gZmj4ULU3d9tWoWhJMRb
=dMAJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ