ALT-PU-2021-1631-1
Package file-roller updated to version 3.38.1-alt1 for branch sisyphus in task 269700.
Closed vulnerabilities
Published: 2021-01-07
BDU:2022-00048
Уязвимость компонента fr-archive-libarchive.c программы-архиватора File Roller, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации
References:
Published: 2021-04-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-36314
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
References:
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
- https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
- https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
- FEDORA-2021-7109d72f07
- FEDORA-2021-7109d72f07