Note:
This project will be discontinued after December 13, 2021. [more]
2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Products | Ubuntu_linux, Debian_linux, File\-Roller, Enterprise_linux |
Type | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
First patch | - None (likely due to unavailable code) |
Links |
• https://usn.ubuntu.com/4139-1/
• https://bugzilla.gnome.org/show_bug.cgi?id=794337 • https://www.debian.org/security/2019/dsa-4537 • https://seclists.org/bugtraq/2019/Sep/57 • https://bugzilla.redhat.com/show_bug.cgi?id=1767594 |