SB2016071151 - Fedora 24 update for breeze-icon-theme, extra-cmake-modules, kf5, kf5-attica, kf5-baloo, kf5-bluez-qt, kf5-frameworkintegration, kf5-kactivities, kf5-kactivities-stats, kf5-kapidox, kf5-karchive, kf5-kauth, kf5-kbookmarks, kf5-kcmutils, kf5-kcodecs, kf5-k
Published: July 11, 2016 Updated: April 24, 2025
Security Bulletin ID
SB2016071151
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Path traversal (CVE-ID: CVE-2016-6232)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in KArchive before 5.24, as used in KDE Frameworks. A remote attacker can trick the victim to open a specially crafted archive and data write to arbitrary files via a ./ (dot dot slash) in a filename, related to KNewsstuff downloads.
Remediation
Install update from vendor's website.