Bug 697042 (CVE-2011-1586)

Summary: CVE-2011-1586 kdenetwork: incomplete fix for CVE-2010-1000
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: alekcejk, collura, jlieskov, jreznik, kevin, ltinkl, rcvalle, rdieter, rnovacek, smparrish, than, tpelka
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-31 09:18:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 697044, 697045, 697046    
Bug Blocks:    

Description Vincent Danen 2011-04-15 16:57:27 UTC 
Ubuntu has noticed that the patch used to fix CVE-2010-1000 was incomplete [1].  It would fix things like ../../tmp/foo but did not catch a single leading ../ (such as ../foo/bar).
https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526

These patches from upstream fully fix it:

http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468&view=patch
http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469&view=patch

[1] https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526
Comment 2 Vincent Danen 2011-04-15 17:00:54 UTC 
Created kdenetwork tracking bugs for this issue

Affects: fedora-all [bug 697044]
Comment 3 Vincent Danen 2011-04-15 19:39:35 UTC 
This was assigned the name CVE-2011-1586.
Comment 4 Vincent Danen 2011-04-18 17:27:27 UTC 
As with CVE-2010-1000, this issue only affects Red Hat Enterprise Linux 6 and Fedora because only KDE 4.x has the vulnerable functionality.  Older versions of KDE are not affected.
Comment 10 errata-xmlrpc 2011-04-21 16:57:13 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0465 https://rhn.redhat.com/errata/RHSA-2011-0465.html