BugTraq
[USN-1114-1] KDENetwork vulnerability Apr 18 2011 10:21PM
Jamie Strandboge (jamie canonical com)
==========================================================================
Ubuntu Security Notice USN-1114-1
April 18, 2011

kdenetwork vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10

Summary:

An attacker could overwrite files owned by the user if KGet opened a
crafted metalink file.

Software Description:
- kdenetwork: networking applications for KDE 4

Details:

It was discovered that KGet did not properly perform input validation when
processing metalink files. If a user were tricked into opening a crafted
metalink file, a remote attacker could overwrite files via directory
traversal, which could eventually lead to arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
kget 4:4.5.1-0ubuntu2.2

Ubuntu 10.04 LTS:
kget 4:4.4.5-0ubuntu1.1

Ubuntu 9.10:
kget 4:4.3.2-0ubuntu4.5

After a standard system update you need to restart KGet to make all the
necessary changes.

References:
CVE-2011-1586

Package Information:
https://launchpad.net/ubuntu/+source/kdenetwork/4:4.5.1-0ubuntu2.2
https://launchpad.net/ubuntu/+source/kdenetwork/4:4.4.5-0ubuntu1.1
https://launchpad.net/ubuntu/+source/kdenetwork/4:4.3.2-0ubuntu4.5
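
The input validation that the Details section says was missing, as an added example (not KGet's code and not part of the advisory): a Python check that keeps every file name read from a metalink inside the download directory. It assumes the path comes from the `name` attribute of each `file` element, as in the Metalink format; the sample document and the helpers `check_name` and `vet_metalink` are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample in Metalink 3.0 layout; every name and URL is made up.
SAMPLE = """<metalink version="3.0" xmlns="http://www.metalinker.org/">
 <files>
  <file name="images/disk.iso"><resources><url>http://mirror.example/a</url></resources></file>
  <file name="../../outside.txt"><resources><url>http://mirror.example/b</url></resources></file>
  <file name="/tmp/absolute.txt"><resources><url>http://mirror.example/c</url></resources></file>
  <file name="docs/../notes.txt"><resources><url>http://mirror.example/d</url></resources></file>
 </files>
</metalink>"""


def check_name(name, download_dir):
    """Return (target, None) if name stays inside download_dir, else (None, reason)."""
    if not name or "\x00" in name:
        return None, "empty name or NUL byte"
    if "\\" in name:
        return None, "backslash separator"
    if os.path.isabs(name):
        return None, "absolute path"
    parts = name.split("/")
    # Strict policy: refuse any '.', '..' or empty component instead of normalising it.
    if any(p in ("", ".", "..") for p in parts):
        return None, "dot or empty path component"
    # Resolve symlinks too, so a link inside the directory cannot redirect the write.
    base = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, target]) != base:
        return None, "resolves outside download directory"
    return target, None


def vet_metalink(xml_text, download_dir):
    """Split the <file name=...> entries of a metalink into accepted and rejected."""
    accepted, rejected = [], []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "file":  # ignore the XML namespace prefix
            continue
        name = el.get("name", "")
        target, reason = check_name(name, download_dir)
        if reason:
            rejected.append((name, reason))
        else:
            accepted.append((name, target))
    return accepted, rejected
```

Rejected entries are best logged with their reason and the whole metalink refused, since one out-of-tree name suggests the file was crafted.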
