Описание
Security update for file-roller
This update for file-roller fixes the following issues:
- CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink (bsc#1169428).
- CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of a file during extraction (bsc#1151585).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
file-roller-3.26.2-4.5.1
file-roller-lang-3.26.2-4.5.1
Ссылки
- Link for SUSE-SU-2020:1557-1
- E-Mail link for SUSE-SU-2020:1557-1
- SUSE Security Ratings
- SUSE Bug 1151585
- SUSE Bug 1169428
- SUSE CVE CVE-2019-16680 page
- SUSE CVE CVE-2020-11736 page
Описание
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:file-roller-3.26.2-4.5.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:file-roller-lang-3.26.2-4.5.1
Ссылки
- CVE-2019-16680
- SUSE Bug 1151585
Описание
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:file-roller-3.26.2-4.5.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:file-roller-lang-3.26.2-4.5.1
Ссылки
- CVE-2020-11736
- SUSE Bug 1169428
- SUSE Bug 1189131