DebianDEBIAN:DLA-570-1:57787[SECURITY] [DLA 570-1] kde4libs security update
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.014 Low
EPSS
Percentile
86.4%
Package : kde4libs
Version : 4:4.8.4-4+deb7u2
CVE ID : CVE-2016-6232
Debian Bug : 832620
It was possible to trick kde4libs's KArchiveDirectory::copyTo()
function to extract files to arbitrary system locations from
a specially prepared tar file outside of the extraction folder.
For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-4+deb7u2.
We recommend that you upgrade your kde4libs packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | amd64 | libnepomukutils4 | < 4:4.14.2-5+deb8u1 | libnepomukutils4_4:4.14.2-5+deb8u1_amd64.deb |
| Debian | 8 | s390x | libknewstuff2-4 | < 4:4.14.2-5+deb8u1 | libknewstuff2-4_4:4.14.2-5+deb8u1_s390x.deb |
| Debian | 7 | armel | libkdesu5 | < 4:4.8.4-4+deb7u2 | libkdesu5_4:4.8.4-4+deb7u2_armel.deb |
| Debian | 8 | kfreebsd-i386 | kdelibs-bin | < 4:4.14.2-5+deb8u1 | kdelibs-bin_4:4.14.2-5+deb8u1_kfreebsd-i386.deb |
| Debian | 7 | armhf | libkdeui5 | < 4:4.8.4-4+deb7u2 | libkdeui5_4:4.8.4-4+deb7u2_armhf.deb |
| Debian | 8 | mipsel | libkidletime4 | < 4:4.14.2-5+deb8u1 | libkidletime4_4:4.14.2-5+deb8u1_mipsel.deb |
| Debian | 8 | kfreebsd-amd64 | libkjsapi4 | < 4:4.14.2-5+deb8u1 | libkjsapi4_4:4.14.2-5+deb8u1_kfreebsd-amd64.deb |
| Debian | 8 | kfreebsd-amd64 | kdelibs5-dbg | < 4:4.14.2-5+deb8u1 | kdelibs5-dbg_4:4.14.2-5+deb8u1_kfreebsd-amd64.deb |
| Debian | 8 | mipsel | libkrossui4 | < 4:4.14.2-5+deb8u1 | libkrossui4_4:4.14.2-5+deb8u1_mipsel.deb |
| Debian | 7 | amd64 | libkjsembed4 | < 4:4.8.4-4+deb7u2 | libkjsembed4_4:4.8.4-4+deb7u2_amd64.deb |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.014 Low
EPSS
Percentile
86.4%