Mageia 7: MGASA-2020-0218 Moderate: File-Roller Directory Traversal

mageia

May 24, 2020

Updated the file-roller package in order to fix a security vulnerability: fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent is a symlink to a directory...

Summary

Updated the file-roller package in order to fix a security vulnerability:
fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. Thus, directory traversal is not prevented (CVE-2020-11736).

References

- https://bugs.mageia.org/show_bug.cgi?id=26502

- https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html

- https://www.cve.org/CVERecord?id=CVE-2020-11736

Topics Covered

security advisory update directory traversal threat mitigation file-roller Mageia archive handling

Resolution

SRPMS

- 7/core/file-roller-3.32.1-2.1.mga7

Publication date: 24 May 2020

URL: https://advisories.mageia.org/MGASA-2020-0218.html

Type: security

CVE: CVE-2020-11736

Topics Covered

security advisory update directory traversal threat mitigation file-roller Mageia archive handling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 7: MGASA-2020-0218 Moderate: File-Roller Directory Traversal

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 7: MGASA-2020-0218 Moderate: File-Roller Directory Traversal

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!