Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3355 at MITRE


(1), (2), (3), and (4) in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
CVSS v2 Scores
  National Vulnerability Database
Base Score 3.58
Vector AV:L/AC:L/Au:N/C:N/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial

SUSE information

SUSE Bugzilla entry: 768681 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.4
  • rhythmbox >= 0.13.3-8.1
  • rhythmbox-debuginfo >= 0.13.3-8.1
  • rhythmbox-debugsource >= 0.13.3-8.1
  • rhythmbox-devel >= 0.13.3-8.1
  • rhythmbox-lang >= 0.13.3-8.1