Fedora 24 : kdelibs3 (2017-01eed6fe8c)

🗓️ 13 Mar 2017 00:00:00Reported by TenableType

Fedora 24 kdelibs3 security update fixes CVE-2016-6232 and CVE-2017-6410 for KDE 3 compatibility libraries

Reporter	Title	Published	Views	Family All 382
FreeBSD	kdelibs -- directory traversal vulnerability	24 Jul 201600:00	–	freebsd
CNVD	KDE KArchive Security Bypass Vulnerability	21 Jul 201600:00	–	cnvd
CNVD	KDE kio and kdelibs Information Disclosure Vulnerability	3 Mar 201700:00	–	cnvd
CVE	CVE-2016-6232	2 Aug 201616:00	–	cve
CVE	CVE-2017-6410	2 Mar 201706:00	–	cve
Cvelist	CVE-2016-6232	2 Aug 201616:00	–	cvelist
Cvelist	CVE-2017-6410	2 Mar 201706:00	–	cvelist
Debian	[SECURITY] [DLA 570-1] kde4libs security update	30 Jul 201600:07	–	debian
Debian	[SECURITY] [DLA 952-1] kde4libs security update	25 May 201716:25	–	debian
Debian	[SECURITY] [DSA 3643-1] kde4libs security update	6 Aug 201619:53	–	debian

Source	Link
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2017-01eed6fe8c
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-01eed6fe8c.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(97672);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/30");

  script_cve_id("CVE-2016-6232", "CVE-2017-6410");
  script_xref(name:"FEDORA", value:"2017-01eed6fe8c");

  script_name(english:"Fedora 24 : kdelibs3 (2017-01eed6fe8c)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This kdelibs3 (KDE 3 compatibility libraries) update fixes the
security issues :

  - CVE-2016-6232 (karchive): Extraction of tar files
    possible to arbitrary system locations

  - CVE-2017-6410 (kio): Information Leak when accessing
    https when using a malicious PAC file

for the KDE 3 compatibility libraries. (Security updates for KDE
Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4
compatibility libraries (kdelibs 4) have already been submitted.)

In addition, the KDE 3 compatibility version of KCrash was modified to
use the DrKonqi from Plasma 5 rather than from kde-runtime 4. (The
original KDE 3 DrKonqi was already dropped years ago.) The kde-runtime
4 DrKonqi is not installed by default and will be removed entirely in
future Fedora versions, the Plasma 5 version of DrKonqi can also be
used for legacy applications.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-01eed6fe8c");
  script_set_attribute(attribute:"solution", value:
"Update the affected kdelibs3 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6232");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kdelibs3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC24", reference:"kdelibs3-3.5.10-84.fc24")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdelibs3");
}

30 Dec 2025 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 25

CVSS 37.5

EPSS0.0639