unsubscribe On 6 August 2016 at 20:53, Salvatore Bonaccorso <car...@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - ------------------------------------------------------------ > ------------- > Debian Security Advisory DSA-3643-1 secur...@debian.org > https://www.debian.org/security/ Salvatore Bonaccorso > August 06, 2016 https://www.debian.org/security/faq > - ------------------------------------------------------------ > ------------- > > Package : kde4libs > CVE ID : CVE-2016-6232 > Debian Bug : 832620 > > Andreas Cord-Landwehr discovered that kde4libs, the core libraries > for all KDE 4 applications, do not properly handle the extraction > of archives with "../" in the file paths. A remote attacker can > take advantage of this flaw to overwrite files outside of the > extraction folder, if a user is tricked into extracting a specially > crafted archive. > > For the stable distribution (jessie), this problem has been fixed in > version 4:4.14.2-5+deb8u1. > > For the unstable distribution (sid), this problem has been fixed in > version 4:4.14.22-2. > > We recommend that you upgrade your kde4libs packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJXpj9CAAoJEAVMuPMTQ89EC84P+QFWqC/IxvzTF3WfbPx1nbiO > FhRKcFaf6vILCm7odq1UWBdFTbOrK4FNmMrfQz2Ud668v8TR9RcZcaMlzbD80wjB > c4hJUNsVho4ZnPHE2qwjsWaD7wre7oXO1XQZkwGj195fA5SBHd4hIXdtj/JnoBCO > jckH3RBP6T4pw1++/srTtiaOWGwCCtQ+I5RNJirZas3CytLXrBXzWdukq8h+rAPD > e+s/e6zwKcFYHVitgvglNJLSINr1bcZskAe4peaHGidJJ27e8D7UbK0wHTeDs/XD > ivvRhr7C149D6jUWyV8I6XNAUK5a304+fqTDMYkg7MJotryMFrNx7dv6Wxki78CC > WWsp0yS9WJ6vff2qL9qvsq6ZLObRX2JKQAOSnxQoS30c2qw+HoKe3cvzObvzD3ZS > fSnnk+VD2NJqX8rpHpjIWywWIT4MkRrK4zokRtjluAxACNFnyX3GL6o+HI/O2gfB > 7V1RXcmlcflG5yxURUNLF2GxugnxRa9LFJt8ASVBiOEipYwvrmNZdr7i+bN9yG9p > 5QGcZobQMLFz19vr6alGqeRf/Mb1iU9Eq3utkIX3zjMyghVF6MvW9GN2kd3fJe/l > l4H+gaWGJ4Awovl04vEbL+YnDlPJO2AVsXUo04DoTLzjUHdUYcvtpyyoQP9OoSOI > xWO05cm3IAHRmszWz7vH > =Ift4 > -----END PGP SIGNATURE----- > > -- Javier Burón CEO t: +44 (0)7453558155 e: *javierbu...@audiense.com <javierbu...@audiense.com>* <https://www.audiense.com/> SocialBro is now Audiense - read more <http://www.audiense.com/story-behind-new-company-name-marketing-social-identity-socialbro-renames-to-audiense/> [image: unnamed (2).png] <https://uk.linkedin.com/in/javierburon>
