ALT-PU-2021-1318-1
Package libgnome-autoar updated to version 0.3.0-alt1 for branch sisyphus in task 266244.
Closed vulnerabilities
Published: 2021-02-05
BDU:2021-01162
Уязвимость функции в autoar-extractor.c библеотеки gnome-autoar, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2021-02-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-36241
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
- https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
- https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
- https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
- FEDORA-2021-303f6623fa
- FEDORA-2021-303f6623fa
- GLSA-202105-10
- GLSA-202105-10