You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa kde4libs

Sigurnosni nedostatak programskog paketa kde4libs

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3643-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2016 https://www.debian.org/security/faq
– ————————————————————————-

Package : kde4libs
CVE ID : CVE-2016-6232
Debian Bug : 832620

Andreas Cord-Landwehr discovered that kde4libs, the core libraries
for all KDE 4 applications, do not properly handle the extraction
of archives with “../” in the file paths. A remote attacker can
take advantage of this flaw to overwrite files outside of the
extraction folder, if a user is tricked into extracting a specially
crafted archive.

For the stable distribution (jessie), this problem has been fixed in
version 4:4.14.2-5+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.14.22-2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJXpj9CAAoJEAVMuPMTQ89EC84P+QFWqC/IxvzTF3WfbPx1nbiO
FhRKcFaf6vILCm7odq1UWBdFTbOrK4FNmMrfQz2Ud668v8TR9RcZcaMlzbD80wjB
c4hJUNsVho4ZnPHE2qwjsWaD7wre7oXO1XQZkwGj195fA5SBHd4hIXdtj/JnoBCO
jckH3RBP6T4pw1++/srTtiaOWGwCCtQ+I5RNJirZas3CytLXrBXzWdukq8h+rAPD
e+s/e6zwKcFYHVitgvglNJLSINr1bcZskAe4peaHGidJJ27e8D7UbK0wHTeDs/XD
ivvRhr7C149D6jUWyV8I6XNAUK5a304+fqTDMYkg7MJotryMFrNx7dv6Wxki78CC
WWsp0yS9WJ6vff2qL9qvsq6ZLObRX2JKQAOSnxQoS30c2qw+HoKe3cvzObvzD3ZS
fSnnk+VD2NJqX8rpHpjIWywWIT4MkRrK4zokRtjluAxACNFnyX3GL6o+HI/O2gfB
7V1RXcmlcflG5yxURUNLF2GxugnxRa9LFJt8ASVBiOEipYwvrmNZdr7i+bN9yG9p
5QGcZobQMLFz19vr6alGqeRf/Mb1iU9Eq3utkIX3zjMyghVF6MvW9GN2kd3fJe/l
l4H+gaWGJ4Awovl04vEbL+YnDlPJO2AVsXUo04DoTLzjUHdUYcvtpyyoQP9OoSOI
xWO05cm3IAHRmszWz7vH
=Ift4
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivosti programskog paketa Linux Kernel Live Patch 0

Otkriveno je više ranjivosti u programskom paketu Linux Kernel Live Patch 0 za SLE 12 SP1. Zahvaćene su razne komponente,...

Close