Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-6232 |
CWE-ID | CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Fedora; oxygen-icon-theme, breeze-icon-theme, extra-cmake-modules, kf5 and the kf5-* framework packages (each listed with its affected version under "Vulnerable software versions" below) |
Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU20302
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-6232
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in KArchive before 5.24, as used in KDE Frameworks. A remote attacker can trick the victim into opening a specially crafted archive and write data to arbitrary files via a ../ (dot dot slash) in a filename, related to KNewStuff downloads.
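A pre-extraction check for the entry-name problem described above, as an added example (not KArchive's code or the vendor's fix). It uses Python's `tarfile` module; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def escapes_destination(entry_name: str) -> bool:
    """True if an archive entry name would resolve outside the extraction root."""
    name = entry_name.replace("\\", "/")  # treat backslash as a separator too
    if name.startswith("/"):
        return True  # an absolute name ignores the destination entirely
    # Collapse '.', '..' and duplicate slashes without touching the filesystem.
    normalized = posixpath.normpath(name)
    return normalized == ".." or normalized.startswith("../")


def audit_tar(data: bytes) -> list[str]:
    """Return the names of entries that must be rejected before extraction."""
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for m in tar.getmembers():
            target = None
            if m.issym():    # symlink target is relative to the link's directory
                target = posixpath.join(posixpath.dirname(m.name), m.linkname)
            elif m.islnk():  # hard-link target is relative to the archive root
                target = m.linkname
            if escapes_destination(m.name) or (target and escapes_destination(target)):
                rejected.append(m.name)
    return rejected


def build_sample_tar() -> bytes:
    """Constructed sample: a benign file, a '../' file name, a '../' symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("theme/icon.svg", "../outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = 6
            tar.addfile(info, io.BytesIO(b"sample"))
        link = tarfile.TarInfo("theme/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_tar(build_sample_tar()))
```

The check is purely lexical, so it can run on a downloaded archive before any file is written; entries it rejects should cause the whole archive to be refused rather than silently skipped.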
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 23
oxygen-icon-theme: before 5.24.0-1.fc23
kf5-threadweaver: before 5.24.0-1.fc23
kf5-sonnet: before 5.24.0-1.fc23
kf5-solid: before 5.24.0-1.fc23
kf5-plasma: before 5.24.0-1.fc23
kf5-networkmanager-qt: before 5.24.0-1.fc23
kf5-modemmanager-qt: before 5.24.0-1.fc23
kf5-kxmlrpcclient: before 5.24.0-1.fc23
kf5-kxmlgui: before 5.24.0-1.fc23
kf5-kwindowsystem: before 5.24.0-1.fc23
kf5-kwidgetsaddons: before 5.24.0-1.fc23
kf5-kwayland: before 5.24.0-1.fc23
kf5-kwallet: before 5.24.0-1.fc23
kf5-kunitconversion: before 5.24.0-1.fc23
kf5-ktextwidgets: before 5.24.0-1.fc23
kf5-ktexteditor: before 5.24.0-1.fc23
kf5-kservice: before 5.24.0-1.fc23
kf5-krunner: before 5.24.0-1.fc23
kf5-kross: before 5.24.0-1.fc23
kf5-kpty: before 5.24.0-1.fc23
kf5-kplotting: before 5.24.0-1.fc23
kf5-kpeople: before 5.24.0-1.fc23
kf5-kparts: before 5.24.0-1.fc23
kf5-kpackage: before 5.24.0-1.fc23
kf5-knotifyconfig: before 5.24.0-1.fc23
kf5-knotifications: before 5.24.0-1.fc23
kf5-knewstuff: before 5.24.0-1.fc23
kf5-kmediaplayer: before 5.24.0-1.fc23
kf5-kjsembed: before 5.24.0-1.fc23
kf5-kjs: before 5.24.0-1.fc23
kf5-kjobwidgets: before 5.24.0-1.fc23
kf5-kitemviews: before 5.24.0-1.fc23
kf5-kitemmodels: before 5.24.0-1.fc23
kf5-kio: before 5.24.0-1.fc23
kf5-kinit: before 5.24.0-1.fc23
kf5-kimageformats: before 5.24.0-1.fc23
kf5-kidletime: before 5.24.0-1.fc23
kf5-kiconthemes: before 5.24.0-1.fc23
kf5-ki18n: before 5.24.0-1.fc23
kf5-khtml: before 5.24.0-1.fc23
kf5-kguiaddons: before 5.24.0-1.fc23
kf5-kglobalaccel: before 5.24.0-1.fc23
kf5-kfilemetadata: before 5.24.0-1.fc23
kf5-kemoticons: before 5.24.0-1.fc23
kf5-kdoctools: before 5.24.0-1.fc23
kf5-kdnssd: before 5.24.0-1.fc23
kf5-kdewebkit: before 5.24.0-1.fc23
kf5-kdesu: before 5.24.0-1.fc23
kf5-kdesignerplugin: before 5.24.0-1.fc23
kf5-kdelibs4support: before 5.24.0-1.fc23
kf5-kded: before 5.24.0-1.fc23
kf5-kdeclarative: before 5.24.0-1.fc23
kf5-kdbusaddons: before 5.24.0-1.fc23
kf5-kcrash: before 5.24.0-1.fc23
kf5-kcoreaddons: before 5.24.0-1.fc23
kf5-kconfigwidgets: before 5.24.0-1.fc23
kf5-kconfig: before 5.24.0-1.fc23
kf5-kcompletion: before 5.24.0-1.fc23
kf5-kcodecs: before 5.24.0-1.fc23
kf5-kcmutils: before 5.24.0-1.fc23
kf5-kbookmarks: before 5.24.0-1.fc23
kf5-kauth: before 5.24.0-1.fc23
kf5-karchive: before 5.24.0-1.fc23
kf5-kapidox: before 5.24.0-1.fc23
kf5-kactivities-stats: before 5.24.0-1.fc23
kf5-kactivities: before 5.24.0-1.fc23
kf5-frameworkintegration: before 5.24.0-1.fc23
kf5-bluez-qt: before 5.24.0-1.fc23
kf5-baloo: before 5.24.0-1.fc23
kf5-attica: before 5.24.0-1.fc23
kf5: before 5.24.0-1.fc23
extra-cmake-modules: before 5.24.0-1.fc23
breeze-icon-theme: before 5.24.0-1.fc23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cef912e3a4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.