paul Posted May 19, 2010 Report Share Posted May 19, 2010 Multiple vulnerabilities has been discovered and fixed in kget (kdenetwork4): Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file (CVE-2010-1000). KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file (CVE-2010-1511). Packages for 2009.0 are provided due to the Extended Maintenance Program. The corrected packages solves these problems. Link to comment Share on other sites More sharing options...
Recommended Posts