T-610: Red Hat kdenetwork security update

April 26, 2011 - 7:11am

PROBLEM:

A directory traversal flaw was found in the way KGet, a download manager, handled the "file" element in Metalink files. An attacker could use this flaw to create a specially-crafted Metalink file that, when opened, would cause KGet to overwrite arbitrary files accessible to the user running KGet.
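
The kind of check that prevents this class of flaw, as an added example (it is not Red Hat's backported patch or KGet's code). It assumes the destination path comes from the `name` attribute of each Metalink `file` element and that all downloads belong under one directory; the function names and the sample Metalink are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample input for this example (not taken from the advisory).
SAMPLE = """<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="isos/distro.iso"><url>http://mirror.example/distro.iso</url></file>
  <file name="../../outside.txt"><url>http://mirror.example/a</url></file>
  <file name="/tmp/absolute.txt"><url>http://mirror.example/b</url></file>
  <file name="docs/../../notes.txt"><url>http://mirror.example/c</url></file>
</metalink>"""


def unsafe_reason(name):
    """Return why a Metalink file name must be rejected, or None if acceptable."""
    if not name or "\x00" in name:
        return "empty name or NUL byte"
    norm = name.replace("\\", "/")  # treat backslashes as separators too
    if norm.startswith("/") or norm[1:2] == ":":
        return "absolute path"
    # Reject any ".." outright instead of trying to normalise it away.
    if ".." in norm.split("/"):
        return "parent-directory component"
    return None


def audit_metalink(xml_text):
    """Return [(name, reason)] for every file element; reason None means safe."""
    # For untrusted files prefer a hardened XML parser over plain ElementTree.
    root = ET.fromstring(xml_text)
    return [(el.get("name"), unsafe_reason(el.get("name")))
            for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "file"]  # namespace-agnostic match


def safe_destination(download_dir, name):
    """Map a Metalink file name to a path that must stay inside download_dir."""
    reason = unsafe_reason(name)
    if reason:
        raise ValueError(f"rejected {name!r}: {reason}")
    base = os.path.realpath(download_dir)
    dest = os.path.realpath(os.path.join(base, name))  # resolves symlinks too
    if os.path.commonpath([base, dest]) != base:
        raise ValueError(f"rejected {name!r}: resolves outside {base}")
    return dest


if __name__ == "__main__":
    for name, reason in audit_metalink(SAMPLE):
        print(f"{name!r}: {reason or 'ok'}")
```

The string check and the resolved-path check are deliberately both present: the first rejects suspicious names early, the second catches escapes through symlinks that already exist inside the download directory.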

PLATFORM:

Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

ABSTRACT:

A directory traversal flaw was found in the way KGet, a download manager, handled the "file" element in Metalink files.

REFERENCE LINKS:

RHSA-2011:0465-1
CVE-2011-1586
RH Classification
RH Updates Support

IMPACT ASSESSMENT:

High

Discussion:

Updated kdenetwork packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

Solution:

Users of kdenetwork should upgrade to these updated packages, which contain a backported patch to resolve this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
Before applying this update, make sure all previously-released errata relevant to your system have been applied.

RH Bugzilla
