FreeBSD : kdelibs -- directory traversal vulnerability (4472ab39-6c66-11e6-9ca5-50e549ebab6c)
Medium Nessus Plugin ID 93144
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
David Faure reports:
A maliciously crafted archive (.zip or .tar.bz2) with '../' in the file paths could be offered for download via the KNewStuff framework (e.g. on www.kde-look.org), and upon extraction would install files anywhere in the user's home directory.
Solution
Update the affected package.
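
The flaw described above comes down to trusting member paths stored inside a .zip or .tar.bz2 archive. The following is an added example, not code from the plugin or from kdelibs: a pre-extraction check that lists the members an extractor should refuse. The function names and the sample archive contents are constructed for illustration.

```python
import io
import posixpath
import tarfile
import zipfile


def is_unsafe_member(name):
    """True if an archive member path would land outside the extraction root."""
    name = name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return True  # absolute path, or (conservatively) a drive-letter path
    # Collapse "a/../b" segments; a result still starting with ".." escapes.
    normalized = posixpath.normpath(name)
    return normalized == ".." or normalized.startswith("../")


def audit_archive(data):
    """Return member names in a .zip or .tar(.bz2/.gz) blob that must be refused."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return [n for n in zf.namelist() if is_unsafe_member(n)]
    buf.seek(0)
    bad = []
    with tarfile.open(fileobj=buf, mode="r:*") as tf:
        for m in tf.getmembers():
            # Link members can redirect later writes, so check their targets too.
            link_escapes = (m.issym() or m.islnk()) and is_unsafe_member(m.linkname)
            if is_unsafe_member(m.name) or link_escapes:
                bad.append(m.name)
    return bad


def make_tar_bz2(names):
    """Constructed sample input: a tar.bz2 with tiny files at the given paths."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:bz2") as tf:
        for n in names:
            info = tarfile.TarInfo(n)
            info.size = 4
            tf.addfile(info, io.BytesIO(b"demo"))
    return out.getvalue()


def make_zip(names):
    """Constructed sample input: a zip with tiny files at the given paths."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for n in names:
            zf.writestr(n, "demo")
    return out.getvalue()
```

An extractor that gets a non-empty list back from `audit_archive` should reject the whole archive rather than skip individual members.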