openSUSE-SU-2021:0390-1

Опубликовано: 06 мар. 2021

Источник: suse-cvrf

Описание

Security update for gnome-autoar

This update for gnome-autoar fixes the following issues:

CVE-2020-36241: Skip problematic files that might be extracted outside of the destination dir to prevent potential directory traversal (bsc#1181930).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

gnome-autoar-devel-0.2.3-lp152.4.3.1

libgnome-autoar-0-0-0.2.3-lp152.4.3.1

libgnome-autoar-gtk-0-0-0.2.3-lp152.4.3.1

typelib-1_0-GnomeAutoar-0_1-0.2.3-lp152.4.3.1

typelib-1_0-GnomeAutoarGtk-0_1-0.2.3-lp152.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CYPCMBEG7F5HYZ6RXTSOZ7RTGRUXLCS2/
E-Mail link for openSUSE-SU-2021:0390-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1181930
SUSE Bug 1181930
https://www.suse.com/security/cve/CVE-2020-36241/
SUSE CVE CVE-2020-36241 page

Описание

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Затронутые продукты

openSUSE Leap 15.2:gnome-autoar-devel-0.2.3-lp152.4.3.1

openSUSE Leap 15.2:libgnome-autoar-0-0-0.2.3-lp152.4.3.1

openSUSE Leap 15.2:libgnome-autoar-gtk-0-0-0.2.3-lp152.4.3.1

openSUSE Leap 15.2:typelib-1_0-GnomeAutoar-0_1-0.2.3-lp152.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-36241.html
CVE-2020-36241
https://bugzilla.suse.com/1181930
SUSE Bug 1181930
https://bugzilla.suse.com/1184169
SUSE Bug 1184169

openSUSE-SU-2021:0390-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-36241

Описание

Затронутые продукты

Ссылки