ALT-PU-2021-1631-1
Package file-roller updated to version 3.38.1-alt1 for branch sisyphus in task 269700.
Closed vulnerabilities
Published: 2021-01-07
BDU:2022-00048
Уязвимость компонента fr-archive-libarchive.c программы-архиватора File Roller, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации
Severity: LOW (3.9)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Severity: LOW (2.4)
Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2021-04-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-36314
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
Severity: LOW (2.6)
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P
Severity: LOW (3.9)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References:
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
- https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
- https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/