SUSE-SU-2021:0664-1

Опубликовано: 01 мар. 2021

Источник: suse-cvrf

Описание

Security update for gnome-autoar

This update for gnome-autoar fixes the following issues:

CVE-2020-36241: Skip problematic files that might be extracted outside of the destination dir to prevent potential directory traversal (bsc#1181930).

Список пакетов

SUSE Linux Enterprise Workstation Extension 12 SP5

libgnome-autoar-0-0-0.2.2-3.5.1

libgnome-autoar-gtk-0-0-0.2.2-3.5.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210664-1/
Link for SUSE-SU-2021:0664-1
https://lists.suse.com/pipermail/sle-security-updates/2021-March/008403.html
E-Mail link for SUSE-SU-2021:0664-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1181930
SUSE Bug 1181930
https://www.suse.com/security/cve/CVE-2020-36241/
SUSE CVE CVE-2020-36241 page

Описание

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 12 SP5:libgnome-autoar-0-0-0.2.2-3.5.1

SUSE Linux Enterprise Workstation Extension 12 SP5:libgnome-autoar-gtk-0-0-0.2.2-3.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-36241.html
CVE-2020-36241
https://bugzilla.suse.com/1181930
SUSE Bug 1181930
https://bugzilla.suse.com/1184169
SUSE Bug 1184169

SUSE-SU-2021:0664-1

Описание

Список пакетов

SUSE Linux Enterprise Workstation Extension 12 SP5

Ссылки

Уязвимость: CVE-2020-36241

Описание

Затронутые продукты

Ссылки