Mandriva Linux Security Advisory : kdenetwork4 (MDVSA-2010:098)
Medium Nessus Plugin ID 46664
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Multiple vulnerabilities have been discovered and fixed in kget (kdenetwork4):
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file (CVE-2010-1000).
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file (CVE-2010-1511).
Packages for 2009.0 are provided due to the Extended Maintenance Program.
The corrected packages solve these problems.
Solution
Update the affected packages.
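The two issues above (CVE-2010-1000 and CVE-2010-1511) both come down to how the `name` attribute of a metalink `file` element is mapped to a local path. The following is an added example, not code from KGet or from this advisory: a sketch of the containment and overwrite checks a metalink consumer can apply before writing anything. The sample metalink, the function names and the verdict strings are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample metalink; file names and URLs are illustrative only.
SAMPLE = """<metalink version="3.0" xmlns="http://www.metalinker.org/">
  <files>
    <file name="docs/readme.txt"><resources><url>http://example.org/r</url></resources></file>
    <file name="../../outside.txt"><resources><url>http://example.org/a</url></resources></file>
    <file name="/tmp/absolute.txt"><resources><url>http://example.org/b</url></resources></file>
    <file name="existing.iso"><resources><url>http://example.org/c</url></resources></file>
  </files>
</metalink>"""

def local_name(tag):
    # Strip the "{namespace}" prefix ElementTree puts on qualified tags.
    return tag.rsplit("}", 1)[-1]

def check_metalink(xml_text, download_dir):
    """Return {name: verdict} for every <file> element in the metalink."""
    base = os.path.realpath(download_dir)
    verdicts = {}
    # Note: for untrusted input, a parser hardened against entity
    # expansion is preferable to the stock ElementTree parser.
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "file":
            continue
        name = elem.get("name", "")
        # Resolve "..", symlinks and redundant separators before comparing.
        target = os.path.realpath(os.path.join(base, name))
        if not name or os.path.isabs(name):
            verdicts[name] = "reject: absolute or empty name"
        elif target == base or os.path.commonpath([base, target]) != base:
            verdicts[name] = "reject: escapes download directory"
        elif os.path.lexists(target):
            # CVE-2010-1511 class: never overwrite without asking the user.
            verdicts[name] = "confirm: would overwrite existing file"
        else:
            verdicts[name] = "ok"
    return verdicts

def demo():
    # Build a throwaway download directory containing one existing file.
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "existing.iso"), "w").close()
        return check_metalink(SAMPLE, d)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r}: {verdict}")
```

The comparison is done on resolved paths, so a name that only looks relative but climbs out through `..` or a symlink is rejected as well.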