Synopsis: Important: kdenetwork security update
Issue Date: 2011-04-21
CVE Numbers: CVE-2011-1586
—
The kdenetwork packages contain networking applications for the K Desktop
Environment (KDE).
A directory traversal flaw was found in the way KGet, a download manager,
handled the “file” element in Metalink files. An attacker could use this
flaw to create a specially-crafted Metalink file that, when opened, would
cause KGet to overwrite arbitrary files accessible to the user running
KGet. (CVE-2011-1586)
Users of kdenetwork should upgrade to these updated packages, which contain
a backported patch to resolve this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.
—
SL6
x86_64
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm
i386
kdenetwork-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm
– Scientific Linux Development Team
