CVE-2012-3355
Published: 27 June 2012
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
Notes
Author | Note |
---|---|
jdstrand | does not affect 11.04 and earlier Context plugin not enabled by default in Ubuntu upstream has not settled on a patch, but after analyzing the proposed patch, it should address the issue sufficiently (see comment #2 from the upstream bug) |