All errata/sisyphus/ALT-PU-2021-1631-1
ALT-PU-2021-1631-1

Package update file-roller in branch sisyphus

Version3.38.1-alt1
Task#269700
Published2021-04-11
Max severityLOW
Severity:

Closed issues (2)

BDU:2022-00048
LOW3.9

Уязвимость компонента fr-archive-libarchive.c программы-архиватора File Roller, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации

Published: 2022-01-10Modified: 2023-11-21
CVSS 3.xLOW 3.9
CVSS:3.x/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
CVSS 2.0LOW 2.4
CVSS:2.0/AV:L/AC:H/Au:S/C:N/I:P/A:P
References
CVE-2020-36314
LOW3.9

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.

Published: 2021-04-07Modified: 2024-11-21
CVSS 2.0LOW 2.6
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:P/A:P
CVSS 3.xLOW 3.9
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References