[kdeutils] Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
Than Ngo
than at fedoraproject.org
Tue Oct 18 15:02:01 UTC 2011
commit 953b9fc6f446a5d70639782638cbe0a124c54376
Author: Than Ngo <than at redhat.com>
Date: Tue Oct 18 17:01:52 2011 +0200
Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
kdeutils-4.7.2-CVE-2011-2725.patch | 21 +++++++++++++++++++++
kdeutils.spec | 8 +++++++-
2 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/kdeutils-4.7.2-CVE-2011-2725.patch b/kdeutils-4.7.2-CVE-2011-2725.patch
new file mode 100644
index 0000000..50315c0
--- /dev/null
+++ b/kdeutils-4.7.2-CVE-2011-2725.patch
@@ -0,0 +1,21 @@
+diff -up kdeutils-4.7.2/ark/part/part.cpp.orig kdeutils-4.7.2/ark/part/part.cpp
+--- kdeutils-4.7.2/ark/part/part.cpp.orig 2011-10-18 16:57:02.000000000 +0200
++++ kdeutils-4.7.2/ark/part/part.cpp 2011-10-18 16:57:45.000000000 +0200
+@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
+ if (!job->error()) {
+ const ArchiveEntry& entry =
+ m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+- const QString fullName =
+- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
++
++ QString fullName =
++ m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
++
++ // Make sure a maliciously crafted archive with parent folders named ".." do
++ // not cause the previewed file path to be located outside the temporary
++ // directory, resulting in a directory traversal issue.
++ fullName.remove(QLatin1String("../"));
++
+ ArkViewer::view(fullName, widget());
+ } else {
+ KMessageBox::error(widget(), job->errorString());
diff --git a/kdeutils.spec b/kdeutils.spec
index 1c79aac..441e3a1 100644
--- a/kdeutils.spec
+++ b/kdeutils.spec
@@ -5,7 +5,7 @@
Name: kdeutils
Epoch: 6
Version: 4.7.2
-Release: 1%{?dist}.1
+Release: 2%{?dist}
Summary: KDE Utilities
Group: Applications/System
@@ -21,6 +21,8 @@ Patch50: kdeutils-4.7.1-gpg2.patch
Patch51: kdeutils-4.7.1-job-originating-user-name.patch
## upstream patches
+# CVE-2011-2725 kdeutils (ark): Path traversal flaw
+Patch100: kdeutils-4.7.2-CVE-2011-2725.patch
## trunk, added to trunk/4.7, add support for automatic printer driver installation (Tim Waugh, #576660)
Patch200: kdeutils-4.4.1-printer-applet-InstallPrinterDrivers.patch
@@ -216,6 +218,7 @@ Requires: system-config-printer-udev
%patch50 -p1 -b .gpg2
%patch51 -p1 -b .job-originating-user-name
+%patch100 -p1 -b .CVE-2011-2725
%patch200 -p1 -b .InstallPrinterDrivers
@@ -534,6 +537,9 @@ fi
%changelog
+* Tue Oct 18 2011 Than Ngo <than at redhat.com> 6:4.7.2-2
+- Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
+
* Wed Oct 12 2011 Peter Schiffer <pschiffe at redhat.com> - 6:4.7.2-1.1
- rebuild with new gmp
More information about the scm-commits
mailing list