[USN-1114-1] KDENetwork vulnerability
==========================================================================
Ubuntu Security Notice USN-1114-1
April 18, 2011
kdenetwork vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
Summary:
An attacker could overwrite files owned by the user if KGet opened a
crafted metalink file.
Software Description:
- kdenetwork: networking applications for KDE 4
Details:
It was discovered that KGet did not properly perform input validation when
processing metalink files. If a user were tricked into opening a crafted
metalink file, a remote attacker could overwrite files via directory
traversal, which could eventually lead to arbitrary code execution.
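The kind of input validation the Details paragraph refers to, as an added example (not KGet's code and not the fix shipped in these packages): it reads the name attribute of each file element in a metalink document and rejects any name that would resolve outside the download directory. The sample document, the download path and the function names are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample (not from the advisory): one normal entry, two that escape.
SAMPLE_METALINK = """<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="images/disc1.iso"><url>http://mirror.example/disc1.iso</url></file>
  <file name="../../outside.txt"><url>http://mirror.example/a</url></file>
  <file name="/tmp/absolute.txt"><url>http://mirror.example/b</url></file>
</metalink>
"""

def local_name(tag):
    """Strip the XML namespace so the element matches in any metalink version."""
    return tag.rsplit("}", 1)[-1]

def resolve_inside(download_dir, name):
    """Return the absolute target path, or None if it would leave download_dir."""
    if not name or "\x00" in name or os.path.isabs(name):
        return None
    # Treat backslashes as separators too, so "..\\x" is not missed on POSIX.
    parts = name.replace("\\", "/").split("/")
    if ".." in parts:
        return None
    base = os.path.realpath(download_dir)
    # realpath also resolves symlinks that already exist under the download dir.
    target = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, target]) != base:
        return None
    return target

def check_metalink(xml_text, download_dir):
    """Return (accepted, rejected) lists of <file name="..."> values."""
    accepted, rejected = [], []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "file":
            continue
        name = elem.get("name", "")
        (accepted if resolve_inside(download_dir, name) else rejected).append(name)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = check_metalink(SAMPLE_METALINK, "/home/user/Downloads")
    print("accepted:", ok)
    print("rejected:", bad)
```
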
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
kget 4:4.5.1-0ubuntu2.2
Ubuntu 10.04 LTS:
kget 4:4.4.5-0ubuntu1.1
Ubuntu 9.10:
kget 4:4.3.2-0ubuntu4.5
After a standard system update you need to restart KGet to make all the
necessary changes.
References:
CVE-2011-1586
Package Information:
https://launchpad.net/ubuntu/+source/kdenetwork/4:4.5.1-0ubuntu2.2
https://launchpad.net/ubuntu/+source/kdenetwork/4:4.4.5-0ubuntu1.1
https://launchpad.net/ubuntu/+source/kdenetwork/4:4.3.2-0ubuntu4.5