Описание
ELSA-2011-0465: kdenetwork security update (IMPORTANT)
[7:4.3.4-11.1]
- CVE-2010-1000, improper sanitization of metalink attribute for downloading files
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kdenetwork
4.3.4-11.el6_0.1
kdenetwork-devel
4.3.4-11.el6_0.1
kdenetwork-libs
4.3.4-11.el6_0.1
Oracle Linux i686
kdenetwork
4.3.4-11.el6_0.1
kdenetwork-devel
4.3.4-11.el6_0.1
kdenetwork-libs
4.3.4-11.el6_0.1
Связанные CVE
Связанные уязвимости
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
Directory traversal vulnerability in the KGetMetalink::File::isValidNa ...
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.