file-roller-3.28.1-3.el8
エラータID: AXSA:2021-1271:01
File Roller is an application for creating and viewing archives files, such as tar or zip files.
Security Fix(es):
* file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive (CVE-2019-16680)
* file-roller: directory traversal via directory symlink pointing outside of the target directory (CVE-2020-11736)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-16680
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2020-11736
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Update packages.
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
N/A
SRPMS
- file-roller-3.28.1-3.el8.src.rpm
MD5: e251a565955ea5dd19b66ef971e9fdb2
SHA-256: 9ce29753292ddf6d336c20d49d2e779c48078e1b2d07400b2c946d9c11a93aac
Size: 1.35 MB
Asianux Server 8 for x86_64
- file-roller-3.28.1-3.el8.x86_64.rpm
MD5: 9cd8d4f4aad0e390a723253ff4d2f86f
SHA-256: 25dca3bc0f8c1f088f7af66634372336a2cd1e12ecf34a3d7cae25e6275e7c21
Size: 1.32 MB