openSUSE-SU-2016:2338-1

Опубликовано: 19 сент. 2016

Источник: suse-cvrf

Описание

Security update for file-roller

This update for file-roller fixes the following issue:

CVE-2016-7162: Do not follow symlinks when deleting a folder recursively. (boo#997822, bgo#698554)

Список пакетов

openSUSE Leap 42.1

file-roller-3.16.5-7.2

file-roller-lang-3.16.5-7.2

nautilus-file-roller-3.16.5-7.2

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-09/msg00067.html
E-Mail link for openSUSE-SU-2016:2338-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Затронутые продукты

openSUSE Leap 42.1:file-roller-3.16.5-7.2

openSUSE Leap 42.1:file-roller-lang-3.16.5-7.2

openSUSE Leap 42.1:nautilus-file-roller-3.16.5-7.2

Ссылки

https://www.suse.com/security/cve/CVE-2016-7162.html
CVE-2016-7162
https://bugzilla.suse.com/997822
SUSE Bug 997822

openSUSE-SU-2016:2338-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-7162

Описание

Затронутые продукты

Ссылки