Описание
Security update for file-roller
This update for file-roller fixes the following issues:
Security issue fixed:
- CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink (bsc#1169428).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
file-roller-3.20.3-15.6.1
file-roller-lang-3.20.3-15.6.1
nautilus-file-roller-3.20.3-15.6.1
SUSE Linux Enterprise Server 12 SP5
file-roller-3.20.3-15.6.1
file-roller-lang-3.20.3-15.6.1
nautilus-file-roller-3.20.3-15.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
file-roller-3.20.3-15.6.1
file-roller-lang-3.20.3-15.6.1
nautilus-file-roller-3.20.3-15.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
file-roller-3.20.3-15.6.1
file-roller-lang-3.20.3-15.6.1
nautilus-file-roller-3.20.3-15.6.1
Ссылки
- Link for SUSE-SU-2020:1505-1
- E-Mail link for SUSE-SU-2020:1505-1
- SUSE Security Ratings
- SUSE Bug 1169428
- SUSE CVE CVE-2020-11736 page
Описание
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:file-roller-3.20.3-15.6.1
SUSE Linux Enterprise Server 12 SP4:file-roller-lang-3.20.3-15.6.1
SUSE Linux Enterprise Server 12 SP4:nautilus-file-roller-3.20.3-15.6.1
SUSE Linux Enterprise Server 12 SP5:file-roller-3.20.3-15.6.1
Ссылки
- CVE-2020-11736
- SUSE Bug 1169428
- SUSE Bug 1189131