|
|
| Problem Description |
A directory traversal vulnerability was found in KTorrent prior to
2.1.2, due to an incomplete fix for a prior directory traversal
vulnerability that was corrected in version 2.1.2. Previously,
KTorrent would only check for the string .., which could permit
strings such as ../.
Updated packages have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2007.1
b95f63a9b094263407b5edd9fe7ee6e2 2007.1/i586/ktorrent-2.1.2-2.1mdv2007.1.i586.rpm 32512bebd21d579d2fa762c387e8efda 2007.1/i586/libktorrent2.1.2-2.1.2-2.1mdv2007.1.i586.rpm 151fe82f8fa9c1a3bb568d96ee098e08 2007.1/SRPMS/ktorrent-2.1.2-2.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64
545b1f969612aa961e48133c18cbb12f 2007.1/x86_64/ktorrent-2.1.2-2.1mdv2007.1.x86_64.rpm 5fa55787f9f581f79ade2254613222dd 2007.1/x86_64/lib64ktorrent2.1.2-2.1.2-2.1mdv2007.1.x86_64.rpm 151fe82f8fa9c1a3bb568d96ee098e08 2007.1/SRPMS/ktorrent-2.1.2-2.1mdv2007.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1799
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.