Описание
Security update for file-roller
This update for file-roller fixes the following issues:
- CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink (bsc#1169428).
- CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of a file during extraction (bsc#1151585).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
file-roller-3.26.2-lp151.4.3.1
file-roller-lang-3.26.2-lp151.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0825-1
- SUSE Security Ratings
- SUSE Bug 1151585
- SUSE Bug 1169428
- SUSE CVE CVE-2019-16680 page
- SUSE CVE CVE-2020-11736 page
Описание
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Затронутые продукты
openSUSE Leap 15.1:file-roller-3.26.2-lp151.4.3.1
openSUSE Leap 15.1:file-roller-lang-3.26.2-lp151.4.3.1
Ссылки
- CVE-2019-16680
- SUSE Bug 1151585
Описание
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Затронутые продукты
openSUSE Leap 15.1:file-roller-3.26.2-lp151.4.3.1
openSUSE Leap 15.1:file-roller-lang-3.26.2-lp151.4.3.1
Ссылки
- CVE-2020-11736
- SUSE Bug 1169428
- SUSE Bug 1189131