Package kodi updated to version 17.3-alt0.M80P.1 for branch p8 in task 185499.

Published: 2017-02-28
Modified: 2024-11-21

CVE-2017-5982

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.html
http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.html
20170214 [Kodi v17.1] - Local File Inclusion
20170214 [Kodi v17.1] - Local File Inclusion
96481
96481
[debian-lts-announce] 20240123 [SECURITY] [DLA 3712-1] kodi security update
[debian-lts-announce] 20240123 [SECURITY] [DLA 3712-1] kodi security update
41312
41312

Published: 2017-05-24
Modified: 2024-11-21

CVE-2017-8314

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

98668
98668
https://github.com/xbmc/xbmc/pull/12024
https://github.com/xbmc/xbmc/pull/12024
[debian-lts-announce] 20180116 [SECURITY] [DLA 1243-1] xbmc security update
[debian-lts-announce] 20180116 [SECURITY] [DLA 1243-1] xbmc security update
GLSA-201706-17
GLSA-201706-17

Version: 2.1.0

Package kodi update in p8 on 2017-07-17

ALT-PU-2017-1889-1

Closed vulnerabilities

CVE-2017-5982

CVE-2017-8314