Ubuntu has noticed that the patch used to fix CVE-2010-1000 was incomplete [1]. It would fix things like ../../tmp/foo but did not catch a single leading ../ (such as ../foo/bar). https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526 These patches from upstream fully fix it: http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468&view=patch http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469&view=patch [1] https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526
Created kdenetwork tracking bugs for this issue Affects: fedora-all [bug 697044]
This was assigned the name CVE-2011-1586.
As with CVE-2010-1000, this issue only affects Red Hat Enterprise Linux 6 and Fedora because only KDE 4.x has the vulnerable functionality. Older versions of KDE are not affected.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0465 https://rhn.redhat.com/errata/RHSA-2011-0465.html