1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3643-1] kde4libs security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Aug 6 22:00:01 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3643-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : kde4libs
    CVE ID : CVE-2016-6232
    Debian Bug : 832620

    Andreas Cord-Landwehr discovered that kde4libs, the core libraries
    for all KDE 4 applications, do not properly handle the extraction
    of archives with "../" in the file paths. A remote attacker can
    take advantage of this flaw to overwrite files outside of the
    extraction folder, if a user is tricked into extracting a specially
    crafted archive.

    For the stable distribution (jessie), this problem has been fixed in
    version 4:4.14.2-5+deb8u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 4:4.14.22-2.

    We recommend that you upgrade your kde4libs packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJXpj9CAAoJEAVMuPMTQ89EC84P+QFWqC/IxvzTF3WfbPx1nbiO FhRKcFaf6vILCm7odq1UWBdFTbOrK4FNmMrfQz2Ud668v8TR9RcZcaMlzbD80wjB c4hJUNsVho4ZnPHE2qwjsWaD7wre7oXO1XQZkwGj195fA5SBHd4hIXdtj/JnoBCO jckH3RBP6T4pw1++/srTtiaOWGwCCtQ+I5RNJirZas3CytLXrBXzWdukq8h+rAPD e+s/e6zwKcFYHVitgvglNJLSINr1bcZskAe4peaHGidJJ27e8D7UbK0wHTeDs/XD ivvRhr7C149D6jUWyV8I6XNAUK5a304+fqTDMYkg7MJotryMFrNx7dv6Wxki78CC WWsp0yS9WJ6vff2qL9qvsq6ZLObRX2JKQAOSnxQoS30c2qw+HoKe3cvzObvzD3ZS fSnnk+VD2NJqX8rpHpjIWywWIT4MkRrK4zokRtjluAxACNFnyX3GL6o+HI/O2gfB 7V1RXcmlcflG5yxURUNLF2GxugnxRa9LFJt8ASVBiOEipYwvrmNZdr7i+bN9yG9p 5QGcZobQMLFz19vr6alGqeRf/Mb1iU9Eq3utkIX3zjMyghVF6MvW9GN2kd3fJe/l l4H+gaWGJ4Awovl04vEbL+YnDlPJO2AVsXUo04DoTLzjUHdUYcvtpyyoQP9OoSOI xWO05cm3IAHRmszWz7vH
    =Ift4
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)