Описание
Security update for file-roller
This update for file-roller fixes the following issues:
- CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of a file during extraction (bsc#1151585).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
file-roller-3.20.3-15.3.25
file-roller-lang-3.20.3-15.3.25
nautilus-file-roller-3.20.3-15.3.25
SUSE Linux Enterprise Server 12 SP5
file-roller-3.20.3-15.3.25
file-roller-lang-3.20.3-15.3.25
nautilus-file-roller-3.20.3-15.3.25
SUSE Linux Enterprise Server for SAP Applications 12 SP4
file-roller-3.20.3-15.3.25
file-roller-lang-3.20.3-15.3.25
nautilus-file-roller-3.20.3-15.3.25
SUSE Linux Enterprise Server for SAP Applications 12 SP5
file-roller-3.20.3-15.3.25
file-roller-lang-3.20.3-15.3.25
nautilus-file-roller-3.20.3-15.3.25
Ссылки
- Link for SUSE-SU-2020:1088-1
- E-Mail link for SUSE-SU-2020:1088-1
- SUSE Security Ratings
- SUSE Bug 1151585
- SUSE CVE CVE-2019-16680 page
Описание
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:file-roller-3.20.3-15.3.25
SUSE Linux Enterprise Server 12 SP4:file-roller-lang-3.20.3-15.3.25
SUSE Linux Enterprise Server 12 SP4:nautilus-file-roller-3.20.3-15.3.25
SUSE Linux Enterprise Server 12 SP5:file-roller-3.20.3-15.3.25
Ссылки
- CVE-2019-16680
- SUSE Bug 1151585