Mageia 2021-0311: file-roller security update
Summary
Updated file-roller package fixes security vulnerability:
A path traversal vulnerability was found in file-roller due to an
incomplete fix for CVE-2020-11736. It may still be possible to extract
files outside of the intended directory in case of malicious archives
containing symbolic links. The highest threat from this vulnerability
is to data integrity and system availability (CVE-2020-36314).
Also, the patch for CVE-2020-11736 was not applied correctly in the
previous update for Mageia 7 (MGASA-2020-0218). This has been corrected.
References
- https://bugs.mageia.org/show_bug.cgi?id=29006
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/
- https://advisories.mageia.org/MGASA-2020-0218.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36314
Resolution
MGASA-2021-0311 - Updated file-roller packages fix security vulnerability
SRPMS
- 8/core/file-roller-3.38.0-1.1.mga8
- 7/core/file-roller-3.32.1-2.2.mga7