Mageia: 2021-0311 Moderate: File-Roller Path Traversal Security Issue
mageia
July 4, 2021
Updated file-roller package fixes security vulnerability: A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736
Summary
Updated file-roller package fixes security vulnerability:
A path traversal vulnerability was found in file-roller due to an
incomplete fix for CVE-2020-11736. It may still be possible to extract
files outside of the intended directory in case of malicious archives
containing symbolic links. The highest threat from this vulnerability
is to data integrity and system availability (CVE-2020-36314).
Also, the patch for CVE-2020-11736 was not applied correctly in the
previous update for Mageia 7 (MGASA-2020-0218). This has been corrected.
References
- https://bugs.mageia.org/show_bug.cgi?id=29006
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/
- https://advisories.mageia.org/MGASA-2020-0218.html
- https://www.cve.org/CVERecord?id=CVE-2020-36314
Resolution
SRPMS
- 8/core/file-roller-3.38.0-1.1.mga8
- 7/core/file-roller-3.32.1-2.2.mga7
PREVIOUS 
NEXT Publication date: 04 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0311.html
Type: security
CVE: CVE-2020-36314
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!