[Bug 1668552] [NEW] KDE Project Security Advisory: ktnef: Directory Traversal
Philip Muškovac
yofel at gmx.net
Tue Feb 28 10:02:48 UTC 2017
*** This bug is a security vulnerability ***
Public security bug reported:
KDE Project Security Advisory
=============================
Title: ktnef: Directory Traversal
Risk Rating: Medium
CVE: TBC
Versions: ktnef <= 5.4.2 (KDE Applications 16.12.2)
Date: 27 February 2017
Overview
========
A directory traversal issue was found in ktnef which can
be exploited by tricking a user into opening a malicious winmail.dat file.
The issue allows to write files with the permission of the user opening
the winmail.dat file during extraction.
Solution
========
Update to ktnef >= 5.4.3 (KDE Applications 16.12.3) (when released)
Or apply the following patch:
https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8
** Affects: ktnef (Ubuntu)
Importance: High
Assignee: Kubuntu Developers (kubuntu-dev)
Status: Triaged
** Tags: kubuntu
** Tags added: kubuntu
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to ktnef in Ubuntu.
https://bugs.launchpad.net/bugs/1668552
Title:
KDE Project Security Advisory: ktnef: Directory Traversal
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ktnef/+bug/1668552/+subscriptions
More information about the kubuntu-bugs
mailing list