FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdelibs -- directory traversal vulnerability

Affected packages
kdelibs < 4.14.10_7

Details

VuXML ID 4472ab39-6c66-11e6-9ca5-50e549ebab6c
Discovery 2016-07-24
Entry 2016-08-27

David Faure reports:

A maliciously crafted archive (.zip or .tar.bz2) with "../" in the file paths could be offered for download via the KNewStuff framework (e.g. on www.kde-look.org), and upon extraction would install files anywhere in the user's home directory.
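
A defensive check for the flaw described above, as an added example that is not part of the advisory or of the kdelibs code: it lists the entries of a .zip or .tar.bz2 archive and refuses the archive before extraction if any path resolves outside the destination directory. All function names and the sample archives are constructed for illustration.

```python
import io
import posixpath
import tarfile
import zipfile

def unsafe_entries(names):
    """Return entry names that would resolve outside the extraction root."""
    bad = []
    for name in names:
        # Normalise lexically so "a/../../b" is seen as "../b".
        norm = posixpath.normpath(name.replace("\\", "/"))
        if norm.startswith("/") or norm == ".." or norm.startswith("../"):
            bad.append(name)
    return bad

def list_entries(data):
    """List member names of an in-memory .zip or .tar.bz2 archive."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:bz2") as tf:
        return tf.getnames()

def check_archive(data):
    """Refuse the whole archive before extraction if any entry escapes."""
    # Names only: link members in tar archives need a separate check.
    bad = unsafe_entries(list_entries(data))
    if bad:
        raise ValueError("entries escape extraction directory: %r" % bad)
    return True

def make_sample(names, kind):
    """Build a constructed in-memory sample archive ("zip" or "tar.bz2")."""
    buf, body = io.BytesIO(), b"constructed sample"
    if kind == "zip":
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, body)
    else:
        with tarfile.open(fileobj=buf, mode="w:bz2") as tf:
            for n in names:
                info = tarfile.TarInfo(n)
                info.size = len(body)
                tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

Running `check_archive` on the downloaded bytes before any extraction call rejects the archive as a whole, so no files are written from an archive that contains even one escaping entry.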

References

CVE Name CVE-2016-6232
URL https://www.kde.org/info/security/advisory-20160724-1.txt