MDVSA-2010:098 -- Mandriva kdenetwork4ID: oval:org.secpod.oval:def:300250 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
A vulnerability has been discovered and fixed in kget : The name attribute of the file element of metalink files is not properly sanitized before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks . Packages for 2009.0 are provided due to the Extended Maintenance Program. The corrected packages solves these problems.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |