CVE-2011-2725

Publication date 29 October 2011

Last updated 24 July 2024

Ubuntu priority

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kdeutils	11.10 oneiric	Fixed 4:4.7.1-0ubuntu3.1
	11.04 natty	Fixed 4:4.6.5-0ubuntu1.2
	10.10 maverick	Fixed 4:4.5.5-0ubuntu2.2
	10.04 LTS lucid	Fixed 4:4.4.5-0ubuntu1.2
	8.04 LTS hardy	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
kdeutils	Upstream: http://commits.kde.org/ark/6f6c0b1 Upstream: http://commits.kde.org/ark/7cf0033 Upstream: http://commits.kde.org/ark/ccb5448 Upstream: http://commits.kde.org/ark/e88d227

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1276-1
KDE Utilities vulnerability
21 November 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-2725