CVE-2006-6979 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-6979 Interim 1 3 2021-06-09T08:39:09Z current 2021-05-30T12:37:26Z 2021-06-09T08:39:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-6979 The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. CVE-2006-6979 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P