Support / Sécurité / Annonces de sécurité / Mandriva Linux 2007.1 / MDKSA-2007:095

Nom du paquet: ktorrent
Date: 2007-05-01
Advisory ID: MDKSA-2007:095
Affected versions: 2007.1 i586 , 2007.1 x86_64

Problem description

A directory traversal vulnerability was found in KTorrent prior to
2.1.2, due to an incomplete fix for a prior directory traversal
vulnerability that was corrected in version 2.1.2. Previously,
KTorrent would only check for the string .., which could permit
strings such as ../.

Updated packages have been patched to correct this issue.

Updated packages

2007.1 i586

 b95f63a9b094263407b5edd9fe7ee6e2  2007.1/i586/ktorrent-2.1.2-2.1mdv2007.1.i586.rpm
 32512bebd21d579d2fa762c387e8efda  2007.1/i586/libktorrent2.1.2-2.1.2-2.1mdv2007.1.i586.rpm 
 151fe82f8fa9c1a3bb568d96ee098e08  2007.1/SRPMS/ktorrent-2.1.2-2.1mdv2007.1.src.rpm

2007.1 x86_64

 545b1f969612aa961e48133c18cbb12f  2007.1/x86_64/ktorrent-2.1.2-2.1mdv2007.1.x86_64.rpm
 5fa55787f9f581f79ade2254613222dd  2007.1/x86_64/lib64ktorrent2.1.2-2.1.2-2.1mdv2007.1.x86_64.rpm 
 151fe82f8fa9c1a3bb568d96ee098e08  2007.1/SRPMS/ktorrent-2.1.2-2.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1799