[SECURITY] [DLA 570-1] kde4libs security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 570-1] kde4libs security update
From: Balint Reczey <balint@balintreczey.hu>
Date: Sat, 30 Jul 2016 02:07:02 +0200
Message-id: <[🔎] f800ab9a-7cee-b4b8-f80e-97af74525876@balintreczey.hu>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : kde4libs
Version        : 4:4.8.4-4+deb7u2
CVE ID         : CVE-2016-6232
Debian Bug     : 832620


It was possible to trick kde4libs's KArchiveDirectory::copyTo()
function to extract files to arbitrary system locations from
a specially prepared tar file outside of the extraction folder.

For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-4+deb7u2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXm++mAAoJEPZk0la0aRp9QEIP/3hDZi/pjlxDpSrBN4PEvsjB
eCjInlj0naRagCR3/AC/4IMVCtfwQZr5UrT5cm497FLZvvFvbgjFgOVa2GeUEYu1
WlGBVrzf6qvrjeM2TFMFhBGK1dtIpTedzI0MVC7n9nGhuCOCPWCKmTNLcjhrR1/I
+nhYgTpLkYuTMnUPSd9yCeMXZDgeCTVtfMNLXQ+zl/Kn1XrLf9wN/2u8jQxQoTuX
kg/kKYq8UwqNEVERWsmaePiFkeeEf2UdDZ5U2JDY+uGm34rcXuvsWFKnGV5O38Aj
rT5HjUIgBEBzywjCxgj+GnkRyhtBX2YsR1h/Kc0lChi1xa+tY/rGH0kQKtUimYkC
1UQnVWZRQd+k7Fn2VyXHYh8W9pLoG6I+ocafDqWvJH71eFYxHcpjC601XLWP7LFd
MEu9rkTd44FNaxSljW29E062eetbtJ1XlmKoKp3rn83RaJ8sVf123NVAzylxfLZ7
jR8zq6pAZYEkG/qJA38zLnDEXlfFnLec1J/6h8uQgq6gJZgd93Ca8mUwiNO1en7M
Tnb8oY4DxgqDlI8Sp/ovc4EhXDTMQBbQuYSgMhXIL0zZ80kjXDLnKspBRo5GTfzB
Vz7lBusQwb1CkJviV+9MgSJzhRutblUH1hy4v4bjPxl4zM3YBuhRU8reOm3RnJIv
MpabyMBWLQWlXC2LwJG5
=tYnh
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 569-1] xmlrpc-epi security update
Next by Date: [SECURITY] [DLA 571-1] xen security update
Previous by thread: [SECURITY] [DLA 569-1] xmlrpc-epi security update
Next by thread: [SECURITY] [DLA 571-1] xen security update
Index(es):
- Date
- Thread