Referenced CVEs:
CVE-2008-3699
Description:
===========================================================Ubuntu Security Notice USN-657-1 October 21, 2008amarok vulnerabilityCVE-2008-3699===========================================================A security issue affects the following Ubuntu releases:Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 7.10: amarok 2:1.4.7-0ubuntu3.1Ubuntu 8.04 LTS: amarok 2:1.4.9.1-0ubuntu3.1After a standard system upgrade you need to restart Amarok to effectthe necessary changes.Details follow:Dwayne Litzenberger discovered that Amarok created temporary files inan insecure way. Local users could exploit a race condition to createor overwrite files with the privileges of the user invoking theprogram. (CVE-2008-3699)
More...