Jump to content
Compatible Support Forums
Sign in to follow this  
news

[SECURITY] [DLA 570-1] kde4libs security update

Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

Package : kde4libs

Version : 4:4.8.4-4+deb7u2

CVE ID : CVE-2016-6232

Debian Bug : 832620

 

 

It was possible to trick kde4libs's KArchiveDirectory::copyTo()

function to extract files to arbitrary system locations from

a specially prepared tar file outside of the extraction folder.

 

For Debian 7 "Wheezy", these problems have been fixed in version

4:4.8.4-4+deb7u2.

 

We recommend that you upgrade your kde4libs packages.

 

Further information about Debian LTS security advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2

 

iQIcBAEBCAAGBQJXm++mAAoJEPZk0la0aRp9QEIP/3hDZi/pjlxDpSrBN4PEvsjB

eCjInlj0naRagCR3/AC/4IMVCtfwQZr5UrT5cm497FLZvvFvbgjFgOVa2GeUEYu1

WlGBVrzf6qvrjeM2TFMFhBGK1dtIpTedzI0MVC7n9nGhuCOCPWCKmTNLcjhrR1/I

+nhYgTpLkYuTMnUPSd9yCeMXZDgeCTVtfMNLXQ+zl/Kn1XrLf9wN/2u8jQxQoTuX

kg/kKYq8UwqNEVERWsmaePiFkeeEf2UdDZ5U2JDY+uGm34rcXuvsWFKnGV5O38Aj

rT5HjUIgBEBzywjCxgj+GnkRyhtBX2YsR1h/Kc0lChi1xa+tY/rGH0kQKtUimYkC

1UQnVWZRQd+k7Fn2VyXHYh8W9pLoG6I+ocafDqWvJH71eFYxHcpjC601XLWP7LFd

MEu9rkTd44FNaxSljW29E062eetbtJ1XlmKoKp3rn83RaJ8sVf123NVAzylxfLZ7

jR8zq6pAZYEkG/qJA38zLnDEXlfFnLec1J/6h8uQgq6gJZgd93Ca8mUwiNO1en7M

Tnb8oY4DxgqDlI8Sp/ovc4EhXDTMQBbQuYSgMhXIL0zZ80kjXDLnKspBRo5GTfzB

Vz7lBusQwb1CkJviV+9MgSJzhRutblUH1hy4v4bjPxl4zM3YBuhRU8reOm3RnJIv

MpabyMBWLQWlXC2LwJG5

=tYnh

-----END PGP SIGNATURE-----

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×