CVE-2012-3355 - Steadier Sextoys

Description

(1) AlbumTab.py (2) ArtistTab.py (3) LinksTab.py and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

Reference

http://www.openwall.com/lists/oss-security/2012/06/25/5 http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html http://www.ubuntu.com/usn/USN-1503-1 http://www.openwall.com/lists/oss-security/2012/06/25/7 https://bugzilla.gnome.org/show_bug.cgi?id=678661 http://www.securityfocus.com/bid/54186 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673 https://bugzilla.redhat.com/show_bug.cgi?id=835076 https://hermes.opensuse.org/messages/15351848 https://exchange.xforce.ibmcloud.com/vulnerabilities/76538