Mageia 2021-0311: file-roller security update | LinuxSecurity.com

Advisories

MGASA-2021-0311 - Updated file-roller packages fix security vulnerability

Publication date: 04 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0311.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-36314

Updated file-roller package fixes security vulnerability:

A path traversal vulnerability was found in file-roller due to an
incomplete fix for CVE-2020-11736. It may still be possible to extract
files outside of the intended directory in case of malicious archives
containing symbolic links. The highest threat from this vulnerability
is to data integrity and system availability (CVE-2020-36314).

Also, the patch for CVE-2020-11736 was not applied correctly in the
previous update for Mageia 7 (MGASA-2020-0218). This has been corrected.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29006
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/
- https://advisories.mageia.org/MGASA-2020-0218.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36314

SRPMS:
- 8/core/file-roller-3.38.0-1.1.mga8
- 7/core/file-roller-3.32.1-2.2.mga7

Mageia 2021-0311: file-roller security update

Updated file-roller package fixes security vulnerability: A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736

Summary

Updated file-roller package fixes security vulnerability:
A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives containing symbolic links. The highest threat from this vulnerability is to data integrity and system availability (CVE-2020-36314).
Also, the patch for CVE-2020-11736 was not applied correctly in the previous update for Mageia 7 (MGASA-2020-0218). This has been corrected.

References

- https://bugs.mageia.org/show_bug.cgi?id=29006

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/

- https://advisories.mageia.org/MGASA-2020-0218.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36314

Resolution

MGASA-2021-0311 - Updated file-roller packages fix security vulnerability

SRPMS

- 8/core/file-roller-3.38.0-1.1.mga8

- 7/core/file-roller-3.32.1-2.2.mga7

Severity
Publication date: 04 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0311.html
Type: security
CVE: CVE-2020-36314

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.