Debian Security Advisory DSA-3643-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2016 https://www.debian.org/security/faq
Package : kde4libs
CVE ID : CVE-2016-6232
Debian Bug : 832620
Andreas Cord-Landwehr discovered that kde4libs, the core libraries
for all KDE 4 applications, do not properly handle the extraction
of archives with "…/" in the file paths. A remote attacker can
take advantage of this flaw to overwrite files outside of the
extraction folder, if a user is tricked into extracting a specially
crafted archive.
For the stable distribution (jessie), this problem has been fixed in
version 4:4.14.2-5+deb8u1.
For the unstable distribution (sid), this problem has been fixed in
version 4:4.14.22-2.
We recommend that you upgrade your kde4libs packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armel | libkjsapi4 | < 4.8.4-4+deb7u2 | libkjsapi4_4.8.4-4+deb7u2_armel.deb |
Debian | 7 | i386 | libkde3support4 | < 4.8.4-4+deb7u2 | libkde3support4_4.8.4-4+deb7u2_i386.deb |
Debian | 8 | ppc64el | libkimproxy4 | < 4.14.2-5+deb8u1 | libkimproxy4_4.14.2-5+deb8u1_ppc64el.deb |
Debian | 7 | armel | libkmediaplayer4 | < 4.8.4-4+deb7u2 | libkmediaplayer4_4.8.4-4+deb7u2_armel.deb |
Debian | 8 | ppc64el | libkdewebkit5 | < 4.14.2-5+deb8u1 | libkdewebkit5_4.14.2-5+deb8u1_ppc64el.deb |
Debian | 7 | i386 | libknewstuff2-4 | < 4.8.4-4+deb7u2 | libknewstuff2-4_4.8.4-4+deb7u2_i386.deb |
Debian | 7 | i386 | libkidletime4 | < 4.8.4-4+deb7u2 | libkidletime4_4.8.4-4+deb7u2_i386.deb |
Debian | 8 | mipsel | libkdecore5 | < 4.14.2-5+deb8u1 | libkdecore5_4.14.2-5+deb8u1_mipsel.deb |
Debian | 8 | arm64 | kdelibs5-plugins | < 4.14.2-5+deb8u1 | kdelibs5-plugins_4.14.2-5+deb8u1_arm64.deb |
Debian | 8 | powerpc | kdelibs5-dbg | < 4.14.2-5+deb8u1 | kdelibs5-dbg_4.14.2-5+deb8u1_powerpc.deb |