76 matches found
Unity Linux 20.1060e / 20.1070e Security Update: gnome-autoar (UTSA-2026-016668)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016668 advisory. autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it...
Unity Linux 20.1060e / 20.1070e Security Update: gnome-autoar (UTSA-2026-016654)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016654 advisory. autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it...
EUVD-2021-15319
Malware in sbrugna...
EUVD-2020-23786
Malware in sbrugna...
OPENSUSE-SU-2024:10795-1 gnome-autoar-devel-0.4.0-1.3 on GA media
These are all security issues fixed in the gnome-autoar-devel-0.4.0-1.3 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2020-36241
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location...
SUSE CVE-2021-28650
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplet...
new packages: gnome-autoar
An update is available for gnome-autoar. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...
AlmaLinux 8 : GNOME (ALSA-2021:4381)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4381 advisory. - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lea...
Mageia: Security Advisory (MGASA-2021-0111)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0274)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : GNOME (CESA-2021:4381)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4381 advisory. - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution CVE-2020-13558 - LibRaw: Stack buffer overflow in...
RHEL 8 : GNOME (RHSA-2021:4381)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4381 advisory. GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version:...
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location...
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplet...
GNOME security, bug fix, and enhancement update
An update is available for gnome-shell-extensions, webkit2gtk3, LibRaw, gnome-settings-daemon, gsettings-desktop-schemas, gnome-autoar, mutter, accountsservice, gnome-control-center, gnome-online-accounts, gnome-shell, gtk3, gdm, vino, gnome-software, gnome-session, gnome-calculator. This update...
Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of AlmaLinux. The following packages have been upgraded to a later upstream version: gdm 40.0, webkit2gtk3 2.32.3. BZ1909300 Security Fixes: webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution CVE-2020-13558 LibRaw...
Updated gnome-autoar packages fix a security vulnerability
gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations CVE-2021-28650. Also the previous update Bug 28454 introduced a regression, fixed here...
MGASA-2021-0274 Updated gnome-autoar packages fix a security vulnerability
gnome-autoar: directory traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations CVE-2021-28650. Also the previous update Bug 28454 introduced a regression, fixed here...
SUSE: Security Advisory (SUSE-SU-2021:0687-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...