MGASA-2020-0218

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0218.html

Import Source

https://advisories.mageia.org/MGASA-2020-0218.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0218

Related

CVE-2020-11736

Published

2020-05-24T18:04:47Z

Modified

2020-05-24T17:23:24Z

Summary

Updated file-roller packages fix security vulnerability

Details

Updated the file-roller package in order to fix a security vulnerability:

fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. Thus, directory traversal is not prevented (CVE-2020-11736).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / file-roller

Package

Name: file-roller
Purl: pkg:rpm/mageia/file-roller?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.32.1-2.1.mga7

Ecosystem specific

{
    "section": "core"
}