Debian Security Advisory 3643-1

Debian Security Advisory 3643-1: Posted Aug 7, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3643-1 - Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.; tags | advisory, remote; systems | linux, debian; advisories | CVE-2016-6232; SHA-256 | 1a422b9171b9b97d6f54f2f24d9ac352542725ab10a25b57aceca0e4e76ae95b; Download | Favorite | View

Debian Security Advisory 3643-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3643-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 06, 2016                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kde4libs
CVE ID         : CVE-2016-6232
Debian Bug     : 832620

Andreas Cord-Landwehr discovered that kde4libs, the core libraries
for all KDE 4 applications, do not properly handle the extraction
of archives with "../" in the file paths. A remote attacker can
take advantage of this flaw to overwrite files outside of the
extraction folder, if a user is tricked into extracting a specially
crafted archive.

For the stable distribution (jessie), this problem has been fixed in
version 4:4.14.2-5+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.14.22-2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXpj9CAAoJEAVMuPMTQ89EC84P+QFWqC/IxvzTF3WfbPx1nbiO
FhRKcFaf6vILCm7odq1UWBdFTbOrK4FNmMrfQz2Ud668v8TR9RcZcaMlzbD80wjB
c4hJUNsVho4ZnPHE2qwjsWaD7wre7oXO1XQZkwGj195fA5SBHd4hIXdtj/JnoBCO
jckH3RBP6T4pw1++/srTtiaOWGwCCtQ+I5RNJirZas3CytLXrBXzWdukq8h+rAPD
e+s/e6zwKcFYHVitgvglNJLSINr1bcZskAe4peaHGidJJ27e8D7UbK0wHTeDs/XD
ivvRhr7C149D6jUWyV8I6XNAUK5a304+fqTDMYkg7MJotryMFrNx7dv6Wxki78CC
WWsp0yS9WJ6vff2qL9qvsq6ZLObRX2JKQAOSnxQoS30c2qw+HoKe3cvzObvzD3ZS
fSnnk+VD2NJqX8rpHpjIWywWIT4MkRrK4zokRtjluAxACNFnyX3GL6o+HI/O2gfB
7V1RXcmlcflG5yxURUNLF2GxugnxRa9LFJt8ASVBiOEipYwvrmNZdr7i+bN9yG9p
5QGcZobQMLFz19vr6alGqeRf/Mb1iU9Eq3utkIX3zjMyghVF6MvW9GN2kd3fJe/l
l4H+gaWGJ4Awovl04vEbL+YnDlPJO2AVsXUo04DoTLzjUHdUYcvtpyyoQP9OoSOI
xWO05cm3IAHRmszWz7vH
=Ift4
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 247 files
indoushka 101 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,775)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,536)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,750)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

Debian Security Advisory 3643-1

Debian Security Advisory 3643-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3643-1

Share This

Debian Security Advisory 3643-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems