漏洞信息
Debian has released security update for kde4libs to fix the vulnerabilities.
漏洞危害
Successful exploitation allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
解决方案
Refer to Debian security advisory DSA 3643-1 to address this issue and obtain further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
www.0daybank.org
文章评论