[kdeutils/f15] Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
Than Ngo
than at fedoraproject.org
Wed Oct 19 12:07:42 UTC 2011
commit 69ac072f04a72ec40ae236222c3eec3dbb4b06af
Author: Than Ngo <than at redhat.com>
Date: Wed Oct 19 14:07:34 2011 +0200
Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
kdeutils-4.7.2-CVE-2011-2725.patch | 21 +++++++++++++++++++++
kdeutils.spec | 9 +++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
---
diff --git a/kdeutils-4.7.2-CVE-2011-2725.patch b/kdeutils-4.7.2-CVE-2011-2725.patch
new file mode 100644
index 0000000..50315c0
--- /dev/null
+++ b/kdeutils-4.7.2-CVE-2011-2725.patch
@@ -0,0 +1,21 @@
+diff -up kdeutils-4.7.2/ark/part/part.cpp.orig kdeutils-4.7.2/ark/part/part.cpp
+--- kdeutils-4.7.2/ark/part/part.cpp.orig 2011-10-18 16:57:02.000000000 +0200
++++ kdeutils-4.7.2/ark/part/part.cpp 2011-10-18 16:57:45.000000000 +0200
+@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
+ if (!job->error()) {
+ const ArchiveEntry& entry =
+ m_model->entryForIndex(m_view->selectionModel()->currentIndex());
+- const QString fullName =
+- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
++
++ QString fullName =
++ m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
++
++ // Make sure a maliciously crafted archive with parent folders named ".." do
++ // not cause the previewed file path to be located outside the temporary
++ // directory, resulting in a directory traversal issue.
++ fullName.remove(QLatin1String("../"));
++
+ ArkViewer::view(fullName, widget());
+ } else {
+ KMessageBox::error(widget(), job->errorString());
diff --git a/kdeutils.spec b/kdeutils.spec
index badcfe5..345a3ec 100644
--- a/kdeutils.spec
+++ b/kdeutils.spec
@@ -1,4 +1,3 @@
-
%if 0%{?fedora}
%define printer_applet 1
%endif
@@ -6,7 +5,7 @@
Name: kdeutils
Epoch: 6
Version: 4.6.5
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: KDE Utilities
Group: Applications/System
@@ -23,6 +22,8 @@ Patch50: kdeutils-4.6.1-gpg2.patch
## upstream patches
# Number buttons cannot be used in kcalc, kde#256591
Patch100: kdeutils-4.6.5-kcalc-bz#719306.patch
+# CVE-2011-2725 KDE Utilities Ark path traversal
+Patch101: kdeutils-4.7.2-CVE-2011-2725.patch
## trunk, added to trunk/4.7, add support for automatic printer driver installation (Tim Waugh, #576660)
Patch200: kdeutils-4.4.1-printer-applet-InstallPrinterDrivers.patch
@@ -126,6 +127,7 @@ Requires: kdelibs4-devel
%patch50 -p1 -b .gpg2
%patch100 -p1 -b .kcalc
+%patch101 -p1 -b .CVE-2011-2725
%patch200 -p1 -b .InstallPrinterDrivers
@@ -337,6 +339,9 @@ fi
%changelog
+* Wed Oct 19 2011 Than Ngo <than at redhat.com> 6:4.6.5-3
+- Resolves: bz#744215, CVE-2011-2725 KDE Utilities Ark path traversal
+
* Thu Jul 07 2011 Than Ngo <than at redhat.com> - 6:4.6.5-2
- fix bz#719306, Number buttons cannot be used in kcalc
More information about the scm-commits
mailing list