Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat Enterprise Linux 8: RHSA-2021-4179 Low Severity File Roller Issue

Red Hat Security Advisory

Synopsis: Low: file-roller security update
Advisory ID: RHSA-2021:4179-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4179
Issue date: 2021-11-09
CVE Names: CVE-2020-36314

1. Summary:

An update for file-roller is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

File Roller is an application for creating and viewing archive files, such as tar or zip files.

Security Fix(es):

* file-roller: directory traversal via directory symlink pointing outside of the target directory (incomplete fix for CVE-2020-11736) (CVE-2020-36314)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1947534 - CVE-2020-36314 file-roller: directory traversal via directory symlink pointing outside of the target directory (incomplete fix for CVE-2020-11736)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
file-roller-3.28.1-4.el8.src.rpm

aarch64:
file-roller-3.28.1-4.el8.aarch64.rpm
file-roller-debuginfo-3.28.1-4.el8.aarch64.rpm
file-roller-debugsource-3.28.1-4.el8.aarch64.rpm

ppc64le:
file-roller-3.28.1-4.el8.ppc64le.rpm
file-roller-debuginfo-3.28.1-4.el8.ppc64le.rpm
file-roller-debugsource-3.28.1-4.el8.ppc64le.rpm

s390x:
file-roller-3.28.1-4.el8.s390x.rpm
file-roller-debuginfo-3.28.1-4.el8.s390x.rpm
file-roller-debugsource-3.28.1-4.el8.s390x.rpm

x86_64:
file-roller-3.28.1-4.el8.x86_64.rpm
file-roller-debuginfo-3.28.1-4.el8.x86_64.rpm
file-roller-debugsource-3.28.1-4.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-36314
https://access.redhat.com/security/updates/classification#low
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

Red Hat Enterprise Linux 8 has released an update for file-roller addressing a minor vulnerability relating to directory traversal.

Keywords: File Roller Update, Red Hat Security, Directory Traversal Fix, Linux Security Update.

Severity: Low. LinuxSecurity.com Team

Nov 09, 2021 | Low | Red Hat

Ubuntu 20.10 USN-4927-1 Minor: File Roller Information Exposure

Ubuntu Security Notice USN-4927-1
April 26, 2021

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

File Roller could be made to expose sensitive information.

Software Description:

- file-roller: archive manager for GNOME

Details:

It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: file-roller 3.38.0-1ubuntu0.1
Ubuntu 20.04 LTS: file-roller 3.36.3-0ubuntu1.1
Ubuntu 18.04 LTS: file-roller 3.28.0-1ubuntu1.3
Ubuntu 16.04 LTS: file-roller 3.16.5-0ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-4927-1
CVE-2020-36314

Package Information:

https://launchpad.net/ubuntu/+source/file-roller/3.38.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/file-roller/3.36.3-0ubuntu1.1
https://launchpad.net/ubuntu/+source/file-roller/3.28.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/file-roller/3.16.5-0ubuntu1.5

This document discusses Ubuntu Security Notice USN-4927-1 regarding a critical vulnerability in File Roller, allowing unauthorized access to sensitive data and urging users to update their installations to enhance system security against potential risks.

Keywords: File Roller, Information Exposure, Ubuntu Security Notice.

Severity: Important. LinuxSecurity.com Team

Apr 26, 2021 | Important | Ubuntu

Ubuntu 19.10: USN-4332-1 Moderate: file-roller Information Exposure

Ubuntu Security Notice USN-4332-1
April 20, 2020

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

File Roller could be made to expose sensitive information.

Software Description:

- file-roller: archive manager for GNOME

Details:

It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: file-roller 3.32.2-1ubuntu0.1
Ubuntu 18.04 LTS: file-roller 3.28.0-1ubuntu1.2
Ubuntu 16.04 LTS: file-roller 3.16.5-0ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-4332-1
CVE-2020-11736

Package Information:

https://launchpad.net/ubuntu/+source/file-roller/3.32.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/file-roller/3.28.0-1ubuntu1.2
https://launchpad.net/ubuntu/+source/file-roller/3.16.5-0ubuntu1.4

Ubuntu Security Notice USN-4332-2 outlines a vulnerability in file-roller that may expose confidential information in multiple versions.

Keywords: file Roller, sensitive information, ubuntu advisory.

Severity: Important. LinuxSecurity.com Team

Apr 20, 2020 | Important | Ubuntu

Ubuntu 18.04 LTS: USN-4139-1 Critical: File Roller Overwrite Risk

Ubuntu Security Notice USN-4139-1
September 25, 2019

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

File Roller could be made to overwrite sensitive files if it received a specially crafted TAR file.

Software Description:

- file-roller: archive manager for GNOME

Details:

It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: file-roller 3.28.0-1ubuntu1.1
Ubuntu 16.04 LTS: file-roller 3.16.5-0ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-4139-1
CVE-2019-16680

Package Information:

https://launchpad.net/ubuntu/+source/file-roller/3.28.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/file-roller/3.16.5-0ubuntu1.3

Ubuntu Security Advisory USN-4139-1 highlights a vulnerability in file roller that may lead to unauthorized file replacements of crucial content via TAR archives.

Keywords: Ubuntu Security, File Roller Issue, Sensitive Files, Archive Manager.

Severity: Critical. LinuxSecurity.com Team

Sep 25, 2019 | Critical | Ubuntu

Fedora 30: FEDORA-2019-ac2a21ff07 Critical: file roller SELinux Issue

Fedora Update Notification
FEDORA-2019-ac2a21ff07
2019-04-17 16:04:32.355044

Name        : file-roller
Product     : Fedora 30
Version     : 3.32.1
Release     : 2.fc30
URL         : https://wiki.gnome.org/Apps/FileRoller
Summary     : Tool for viewing and creating archives
Description : File Roller is an application for creating and viewing archive files, such as tar or zip files.

Update Information:

This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marked as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for which updates were already pending (in those cases, those updates have been edited instead). This includes gnome-initial-setup, which was affected by this problem, resulting in a [release-blocking bug](https://bugzilla.redhat.com/show_bug.cgi?id=1699099) that prevented it running correctly with SELinux in enforcing mode.

References:

[ 1 ] Bug #1699099 - gnome-initial-setup 3.32.0+ crashes due to SELinux denials (because it has execstack flag set, because meson 0.50.0 sets it when it shouldn't)
https://bugzilla.redhat.com/show_bug.cgi?id=1699099

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ac2a21ff07' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

This release fixes an important issue in Gnome-Actions impacting file extraction, boosting resilience against potential AppArmor blocks.

Keywords: Fedora Security Update, File Roller Bug Fix, Meson Build System, SELinux Denial Issues.

Severity: Critical. LinuxSecurity.com Team

Apr 17, 2019 | Critical | Fedora

Ubuntu 16.04 LTS: USN-3074-1 Critical File Roller File Deletion Risk

Ubuntu Security Notice USN-3074-1
September 08, 2016

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

File Roller could be made to delete files.

Software Description:

- file-roller: archive manager for GNOME

Details:

It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: file-roller 3.16.5-0ubuntu1.2
Ubuntu 14.04 LTS: file-roller 3.10.2.1-0ubuntu4.2

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-3074-1
CVE-2016-7162, https://bugs.launchpad.net/ubuntu/+source/file-roller/+bug/1171236

Package Information:

https://launchpad.net/ubuntu/+source/file-roller/3.16.5-0ubuntu1.2
https://launchpad.net/ubuntu/+source/file-roller/3.10.2.1-0ubuntu4.2

Enhance your Ubuntu installation by upgrading to address the File Roller security flaw that may cause unintended file removal.

Keywords: File Roller, Ubuntu Security Update, Archive Manager, File Deletion Issue.

Severity: Critical. LinuxSecurity.com Team

Sep 08, 2016 | Critical | Ubuntu

Ubuntu 13.04: USN-1906-1 Moderate: File Roller File Threat

Ubuntu Security Notice USN-1906-1
July 16, 2013

file-roller vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10

Summary:

File Roller could be made to create or overwrite files.

Software Description:

- file-roller: archive manager for GNOME

Details:

Yorick Koster discovered that File Roller incorrectly sanitized paths. If a user were tricked into extracting a specially-crafted archive, an attacker could create and overwrite files outside of the extraction directory.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04: file-roller 3.6.3-1ubuntu4.1
Ubuntu 12.10: file-roller 3.6.1.1-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-1906-1
CVE-2013-4668

Package Information:

https://launchpad.net/ubuntu/+source/file-roller/3.6.3-1ubuntu4.1
https://launchpad.net/ubuntu/+source/file-roller/3.6.1.1-0ubuntu1.2

Ubuntu Security Announcement USN-1906-2 discusses a vulnerability in file-roller that could result in unintended file generation or replacement.

Keywords: Ubuntu File Roller, Security Advisory, File Creation Threat.

Severity: Important. LinuxSecurity.com Team

Jul 16, 2013 | Important | Ubuntu