[SECURITY] [DSA 3643-1] kde4libs security update

2016-08-0619:53:30

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

86.4%

JSON

Debian Security Advisory DSA-3643-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2016 https://www.debian.org/security/faq

Package : kde4libs
CVE ID : CVE-2016-6232
Debian Bug : 832620

Andreas Cord-Landwehr discovered that kde4libs, the core libraries
for all KDE 4 applications, do not properly handle the extraction
of archives with "…/" in the file paths. A remote attacker can
take advantage of this flaw to overwrite files outside of the
extraction folder, if a user is tricked into extracting a specially
crafted archive.

For the stable distribution (jessie), this problem has been fixed in
version 4:4.14.2-5+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.14.22-2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8amd64libnepomukutils4< 4:4.14.2-5+deb8u1libnepomukutils4_4:4.14.2-5+deb8u1_amd64.deb
Debian8s390xlibknewstuff2-4< 4:4.14.2-5+deb8u1libknewstuff2-4_4:4.14.2-5+deb8u1_s390x.deb
Debian7armellibkdesu5< 4:4.8.4-4+deb7u2libkdesu5_4:4.8.4-4+deb7u2_armel.deb
Debian8kfreebsd-i386kdelibs-bin< 4:4.14.2-5+deb8u1kdelibs-bin_4:4.14.2-5+deb8u1_kfreebsd-i386.deb
Debian7armhflibkdeui5< 4:4.8.4-4+deb7u2libkdeui5_4:4.8.4-4+deb7u2_armhf.deb
Debian8mipsellibkidletime4< 4:4.14.2-5+deb8u1libkidletime4_4:4.14.2-5+deb8u1_mipsel.deb
Debian8kfreebsd-amd64libkjsapi4< 4:4.14.2-5+deb8u1libkjsapi4_4:4.14.2-5+deb8u1_kfreebsd-amd64.deb
Debian8kfreebsd-amd64kdelibs5-dbg< 4:4.14.2-5+deb8u1kdelibs5-dbg_4:4.14.2-5+deb8u1_kfreebsd-amd64.deb
Debian8mipsellibkrossui4< 4:4.14.2-5+deb8u1libkrossui4_4:4.14.2-5+deb8u1_mipsel.deb
Debian7amd64libkjsembed4< 4:4.8.4-4+deb7u2libkjsembed4_4:4.8.4-4+deb7u2_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	libnepomukutils4	< 4:4.14.2-5+deb8u1	libnepomukutils4_4:4.14.2-5+deb8u1_amd64.deb
Debian	8	s390x	libknewstuff2-4	< 4:4.14.2-5+deb8u1	libknewstuff2-4_4:4.14.2-5+deb8u1_s390x.deb
Debian	7	armel	libkdesu5	< 4:4.8.4-4+deb7u2	libkdesu5_4:4.8.4-4+deb7u2_armel.deb
Debian	8	kfreebsd-i386	kdelibs-bin	< 4:4.14.2-5+deb8u1	kdelibs-bin_4:4.14.2-5+deb8u1_kfreebsd-i386.deb
Debian	7	armhf	libkdeui5	< 4:4.8.4-4+deb7u2	libkdeui5_4:4.8.4-4+deb7u2_armhf.deb
Debian	8	mipsel	libkidletime4	< 4:4.14.2-5+deb8u1	libkidletime4_4:4.14.2-5+deb8u1_mipsel.deb
Debian	8	kfreebsd-amd64	libkjsapi4	< 4:4.14.2-5+deb8u1	libkjsapi4_4:4.14.2-5+deb8u1_kfreebsd-amd64.deb
Debian	8	kfreebsd-amd64	kdelibs5-dbg	< 4:4.14.2-5+deb8u1	kdelibs5-dbg_4:4.14.2-5+deb8u1_kfreebsd-amd64.deb
Debian	8	mipsel	libkrossui4	< 4:4.14.2-5+deb8u1	libkrossui4_4:4.14.2-5+deb8u1_mipsel.deb
Debian	7	amd64	libkjsembed4	< 4:4.8.4-4+deb7u2	libkjsembed4_4:4.8.4-4+deb7u2_amd64.deb