file-roller-3.28.1-4.el8
エラータID: AXSA:2021-2652:02
File Roller is an application for creating and viewing archives files, such as tar or zip files.
Security Fix(es):
* file-roller: directory traversal via directory symlink pointing outside of the target directory (incomplete fix for CVE-2020-11736) (CVE-2020-36314)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-11736
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVE-2020-36314
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
Update packages.
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
N/A
SRPMS
- file-roller-3.28.1-4.el8.src.rpm
MD5: 757426e8f07a9bb599fd5891799131a7
SHA-256: 50038c6055b16c08b825f927896ed749a9f6bc775a8bb1511a6a7237ecf3ac91
Size: 1.35 MB
Asianux Server 8 for x86_64
- file-roller-3.28.1-4.el8.x86_64.rpm
MD5: f3cf77cb51b57a96707b164ee5898c51
SHA-256: 782b86042117463c742b003a580284d391c7f94bdcea6e9be3f056065781f00a
Size: 1.32 MB
日本語