Solution
Please install the updated packages.
Insight
The kdenetwork packages contain networking applications for the K Desktop Environment (KDE).
A directory traversal flaw was found in the way KGet, a download manager, handled the "file" element in Metalink files. An attacker could use this flaw to create a specially-crafted Metalink file that, when opened, would cause KGet to overwrite arbitrary files accessible to the user running KGet. (CVE-2011-1586)
Users of kdenetwork should upgrade to these updated packages, which contain a backported patch to resolve this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
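The check a Metalink consumer needs before writing a download to disk, as an added example (not KGet's code and not the backported patch). It assumes the `name` attribute of the `file` element as defined for Metalink 4 in RFC 5854; the function names and the sample document are constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample document: one benign name and two that must be rejected.
SAMPLE = """<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="iso/example.iso"><url>http://mirror.example/example.iso</url></file>
  <file name="../../outside.txt"><url>http://mirror.example/a</url></file>
  <file name="/tmp/absolute.txt"><url>http://mirror.example/b</url></file>
</metalink>"""


def is_safe_name(name):
    """True only for a relative path whose every component stays in place."""
    if not name or "\x00" in name or "\\" in name:
        return False
    # Reject absolute paths and Windows drive prefixes such as "C:".
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False
    # Reject empty, "." and ".." components instead of trying to normalise them.
    return all(part not in ("", ".", "..") for part in name.split("/"))


def audit_metalink(xml_text):
    """Return [(name, is_safe)] for each file element, whatever its namespace."""
    results = []
    for element in ET.fromstring(xml_text).iter():
        if element.tag.rsplit("}", 1)[-1] == "file":
            name = element.get("name", "")
            results.append((name, is_safe_name(name)))
    return results


def dest_path(download_dir, name):
    """Join a validated name onto the download directory, or raise ValueError."""
    if not is_safe_name(name):
        raise ValueError("unsafe Metalink file name: %r" % name)
    return posixpath.join(download_dir, name)


if __name__ == "__main__":
    for name, safe in audit_metalink(SAMPLE):
        print("%-8s %s" % ("ok" if safe else "REJECT", name))
```
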
Affected
kdenetwork on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-1000, CVE-2011-1586
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P