SCIENTIFIC-LINUX-ERRATA Archives

April 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: kdenetwork on SL6.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Fri, 22 Apr 2011 15:04:08 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (30 lines) 
Synopsis:	Important: kdenetwork security update
Issue date:	2011-04-21
CVE Names:	CVE-2011-1586

A directory traversal flaw was found in the way KGet, a download 
manager, handled the "file" element in Metalink files. An attacker could 
use this flaw to create a specially-crafted Metalink file that, when 
opened, would cause KGet to overwrite arbitrary files accessible to the 
user running KGet. (CVE-2011-1586)

The desktop must be restarted (log out, then log back in) for this 
update to take effect.

SL 6.x

       SRPMS:
kdenetwork-4.3.4-11.el6_0.1.src.rpm
       i386:
kdenetwork-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm
       x86_64:
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2