Описание
Security update for file-roller
This update for file-roller fixes the following issues:
- CVE-2020-36314: Fixed directory traversal via directory symlink pointing outside of the target directory (bsc#1189131)
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
file-roller-3.20.3-15.9.1
file-roller-lang-3.20.3-15.9.1
nautilus-file-roller-3.20.3-15.9.1
Ссылки
- Link for SUSE-SU-2025:0032-1
- E-Mail link for SUSE-SU-2025:0032-1
- SUSE Security Ratings
- SUSE Bug 1189131
- SUSE CVE CVE-2020-36314 page
Описание
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:file-roller-3.20.3-15.9.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:file-roller-lang-3.20.3-15.9.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nautilus-file-roller-3.20.3-15.9.1
Ссылки
- CVE-2020-36314
- SUSE Bug 1189131