[kdeutils] Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal

Than Ngo than at fedoraproject.org
Tue Oct 18 15:02:01 UTC 2011


commit 953b9fc6f446a5d70639782638cbe0a124c54376
Author: Than Ngo <than at redhat.com>
Date:   Tue Oct 18 17:01:52 2011 +0200

    Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal

 kdeutils-4.7.2-CVE-2011-2725.patch |   21 +++++++++++++++++++++
 kdeutils.spec                      |    8 +++++++-
 2 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/kdeutils-4.7.2-CVE-2011-2725.patch b/kdeutils-4.7.2-CVE-2011-2725.patch
new file mode 100644
index 0000000..50315c0
--- /dev/null
+++ b/kdeutils-4.7.2-CVE-2011-2725.patch
@@ -0,0 +1,21 @@
+diff -up kdeutils-4.7.2/ark/part/part.cpp.orig kdeutils-4.7.2/ark/part/part.cpp
+--- kdeutils-4.7.2/ark/part/part.cpp.orig	2011-10-18 16:57:02.000000000 +0200
++++ kdeutils-4.7.2/ark/part/part.cpp	2011-10-18 16:57:45.000000000 +0200
+@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
+     if (!job->error()) {
+         const ArchiveEntry& entry =
+             m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+-        const QString fullName =
+-            m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
++
++        QString fullName =
++            m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
++
++        // Make sure a maliciously crafted archive with parent folders named ".." do
++        // not cause the previewed file path to be located outside the temporary
++        // directory, resulting in a directory traversal issue.
++        fullName.remove(QLatin1String("../"));
++
+         ArkViewer::view(fullName, widget());
+     } else {
+         KMessageBox::error(widget(), job->errorString());
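Review bot: Removing the literal "../" from fullName in slotPreviewExtracted() filters one spelling of the problem instead of checking that the preview path stays under m_previewDir. The remove() call runs over the whole concatenated string, so it also rewrites the m_previewDir->name() prefix, and it leaves an entry name that ends in ".." with no trailing slash untouched. It can also change the name passed to ArkViewer::view() so that it no longer matches the file the preview job extracted. Suggest normalising the joined path (QDir::cleanPath() or QFileInfo::canonicalFilePath()) and only calling ArkViewer::view() when the result begins with the preview directory path followed by '/', showing an error otherwise. The new comment also has an agreement slip: "parent folders named ".." do not cause" reads better as "an archive with parent folders named ".." does not cause".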
diff --git a/kdeutils.spec b/kdeutils.spec
index 1c79aac..441e3a1 100644
--- a/kdeutils.spec
+++ b/kdeutils.spec
@@ -5,7 +5,7 @@
 Name: kdeutils
 Epoch: 6
 Version: 4.7.2
-Release: 1%{?dist}.1
+Release: 2%{?dist}
 Summary: KDE Utilities
 
 Group: Applications/System
@@ -21,6 +21,8 @@ Patch50: kdeutils-4.7.1-gpg2.patch
 Patch51: kdeutils-4.7.1-job-originating-user-name.patch
 
 ## upstream patches
+# CVE-2011-2725 kdeutils (ark): Path traversal flaw
+Patch100: kdeutils-4.7.2-CVE-2011-2725.patch
 
 ## trunk, added to trunk/4.7, add support for automatic printer driver installation (Tim Waugh, #576660)
 Patch200: kdeutils-4.4.1-printer-applet-InstallPrinterDrivers.patch
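Review bot: The Patch100 comment under "## upstream patches" gives the CVE and a one-line description but no pointer to where the fix came from. Suggest adding the upstream commit or bug URL next to "# CVE-2011-2725 kdeutils (ark): Path traversal flaw", so that whoever rebases to a later kdeutils can tell whether the patch is already included and can be dropped.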
@@ -216,6 +218,7 @@ Requires: system-config-printer-udev
 
 %patch50 -p1 -b .gpg2
 %patch51 -p1 -b .job-originating-user-name
+%patch100 -p1 -b .CVE-2011-2725
 %patch200 -p1 -b .InstallPrinterDrivers
 
 
@@ -534,6 +537,9 @@ fi
 
 
 %changelog
+* Tue Oct 18 2011 Than Ngo <than at redhat.com> 6:4.7.2-2
+- Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
+
 * Wed Oct 12 2011 Peter Schiffer <pschiffe at redhat.com> - 6:4.7.2-1.1
 - rebuild with new gmp
 
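Review bot: The new %changelog entry leaves out the "-" separator before the version-release that the entry directly below it uses ("<pschiffe at redhat.com> - 6:4.7.2-1.1"). Suggest "* Tue Oct 18 2011 Than Ngo <than at redhat.com> - 6:4.7.2-2" so the two entries follow the same form.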