Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : kde4libs vulnerability (USN-3042-1)
Medium Nessus Plugin ID 92583
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionAndreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libkdecore5 package.