Описание
Security update for gnome-autoar
This update for gnome-autoar fixes the following issues:
- CVE-2020-36241: Skip problematic files that might be extracted outside of the destination dir to prevent potential directory traversal (bsc#1181930).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
gnome-autoar-devel-0.2.3-3.3.1
libgnome-autoar-0-0-0.2.3-3.3.1
libgnome-autoar-gtk-0-0-0.2.3-3.3.1
typelib-1_0-GnomeAutoar-0_1-0.2.3-3.3.1
typelib-1_0-GnomeAutoarGtk-0_1-0.2.3-3.3.1
Ссылки
- Link for SUSE-SU-2021:0687-1
- E-Mail link for SUSE-SU-2021:0687-1
- SUSE Security Ratings
- SUSE Bug 1181930
- SUSE CVE CVE-2020-36241 page
Описание
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:gnome-autoar-devel-0.2.3-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libgnome-autoar-0-0-0.2.3-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libgnome-autoar-gtk-0-0-0.2.3-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:typelib-1_0-GnomeAutoar-0_1-0.2.3-3.3.1
Ссылки
- CVE-2020-36241
- SUSE Bug 1181930
- SUSE Bug 1184169