LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2011-80 (kdenetwork)



From:
    	      Meltem Parmaksız <meltem@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2011-80] kdenetwork: Directory traversal
	vulnerability 


Date:
    	      Thu, 26 May 2011 15:01:52 +0300


Message-ID:
    	      <201105261501.52497.meltem@pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-80            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-05-11
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vuolnerability has been fixed in kdenetwork, which can be exploited by
attackers to create arbitrary files. 


Description
===========

CVE-2010-1000: 

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 
allows  remote attackers  to  create  arbitrary  files  via  directory  
traversal sequences in the name  attribute  of  a  file  element  in  a 
metalink file 


Affected packages:

  Pardus 2009:
    kdenetwork, all before 4.4.5-43-20
  Pardus 2011:
    kdenetwork, all before 4.5.5-54-p11


Resolution
==========

There are update(s) for kdenetwork. You can  update  them  via  Package 
Manager or with a single command from console: 

  Pardus 2009:
    pisi up kdenetwork

  Pardus 2011:
    pisi up kdenetwork


References
==========

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds