SciLinux: CVE-2011-1586 Important Kdenetwork Update on SL6.x

Apr 22, 2011 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory security issue update directory traversal important kdenetwork scientific linux

Important: kdenetwork security update

Date: Fri, 22 Apr 2011 15:04:08 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA Important: kdenetwork on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

MIME-Version: 1.0

Synopsis:	Important: kdenetwork security update
Issue date:	2011-04-21
CVE Names:	CVE-2011-1586

A directory traversal flaw was found in the way KGet, a download
manager, handled the "file" element in Metalink files. An attacker could
use this flaw to create a specially-crafted Metalink file that, when
opened, would cause KGet to overwrite arbitrary files accessible to the
user running KGet. (CVE-2011-1586)

The desktop must be restarted (log out, then log back in) for this
update to take effect.

SL 6.x

 SRPMS:
kdenetwork-4.3.4-11.el6_0.1.src.rpm
 i386:
kdenetwork-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm
 x86_64:
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here