Ubuntu Security Notice 4100-1 - It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file.
94d50b13c51638daf9db02d19ba31bdcae667c02371857be73dd9cdd16b2bfb4
Debian Linux Security Advisory 3643-1 - Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.
1a422b9171b9b97d6f54f2f24d9ac352542725ab10a25b57aceca0e4e76ae95b
Ubuntu Security Notice 3042-1 - Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.
5f7cf77b7f5501688cb173a4207132ce4d544206d68f7befd58ae819acd5d38b