MGASA-2021-0311

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0311.html

Import Source

https://advisories.mageia.org/MGASA-2021-0311.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0311

Related

CVE-2020-36314

Published

2021-07-04T02:13:55Z

Modified

2021-07-04T01:00:45Z

Summary

Updated file-roller packages fix security vulnerability

Details

Updated file-roller package fixes security vulnerability:

A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives containing symbolic links. The highest threat from this vulnerability is to data integrity and system availability (CVE-2020-36314).

Also, the patch for CVE-2020-11736 was not applied correctly in the previous update for Mageia 7 (MGASA-2020-0218). This has been corrected.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / file-roller

Package

Name: file-roller
Purl: pkg:rpm/mageia/file-roller?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.38.0-1.1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / file-roller

Package

Name: file-roller
Purl: pkg:rpm/mageia/file-roller?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.32.1-2.2.mga7

Ecosystem specific

{
    "section": "core"
}