Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia 7, 8 Security Update: MGASA-2021-0274 Critical Directory Traversal

mageia
Calendar Grey June 23, 2021
Dist Mageia Esm H88
Mageia 2021-0275 enhances gnome-autoar to address potential directory traversal vulnerabilities when extracting files, alongside incorporating security enhancements.
gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations (CVE-2021-28650)

Summary

gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations (CVE-2021-28650).
Also the previous update (Bug 28454) introduced a regression, fixed here.

References

- https://bugs.mageia.org/show_bug.cgi?id=28884

- https://bugs.mageia.org/show_bug.cgi?id=28454

- https://ubuntu.com/security/notices/USN-4733-2

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2T2WNK5MCCXX7Y5LGNP6SJYIBL7ADKHD/

- https://www.cve.org/CVERecord?id=CVE-2021-28650

Topics%20covered

Topics Covered

security advisory directory traversal security fix extraction issue Mageia gnome-autoar

Resolution

SRPMS

- 7/core/gnome-autoar-0.3.1-1.mga7

- 8/core/gnome-autoar-0.3.1-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 23 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0274.html
Type: security
CVE: CVE-2021-28650

Topics%20covered

Topics Covered

security advisory directory traversal security fix extraction issue Mageia gnome-autoar

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here