25 matches found
MiracleLinux 8 : file-roller-3.28.1-4.el8 (AXSA:2021-2652:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2652:02 advisory. file-roller: directory traversal via directory symlink pointing outside of the target directory incomplete fix for CVE-2020-11736 CVE-2020-36314...
EUVD-2020-23856
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-11736
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is ...
RHEL 6 : file-roller (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive...
Mageia: Security Advisory (MGASA-2021-0311)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2020-0218)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
file-roller: directory traversal via directory symlink pointing outside of the target directory (incomplete fix for CVE-2020-11736)
A path traversal vulnerability was found in file-roller due to an incomplete fix for CVE-2020-11736. It may still be possible to extract files outside of the intended directory in case of malicious archives containing symbolic links. The highest threat from this vulnerability is to data integrity...
ALSA-2021:4179 Low: file-roller security update
File Roller is an application for creating and viewing archives files, such as tar or zip files. Security Fixes: file-roller: directory traversal via directory symlink pointing outside of the target directory incomplete fix for CVE-2020-11736 CVE-2020-36314 For more details about the security...
Low: file-roller security update
File Roller is an application for creating and viewing archives files, such as tar or zip files. Security Fixes: file-roller: directory traversal via directory symlink pointing outside of the target directory incomplete fix for CVE-2020-11736 CVE-2020-36314 For more details about the security...
SUSE: Security Advisory (SUSE-SU-2020:1505-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Directory Traversal
file-roller is vulnerable to directory traversal. The fr-archive-libarchive.c module allows directory traversal during extraction as there is a lack of check of whether a file's parent is a symlink in certain complex situations. This issue exists due to an incomplete fix for CVE-2020-11736...
Huawei EulerOS: Security Advisory for file-roller (EulerOS-SA-2021-1294)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : file-roller (CESA-2020:4820)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:4820 advisory. - file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive CVE-2019-16680 - file-roller: directory...
file-roller security update
3.28.1-3 - Fix CVE-2020-11736 1827395 - Fix CVE-2019-16680 1767594...
RHEL 8 : file-roller (RHSA-2020:4820)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4820 advisory. File Roller is an application for creating and viewing archives files, such as tar or zip files. Security Fixes: file-roller: path traversal...
GLSA-202009-06 : GNOME File Roller: Directory traversal
The remote host is affected by the vulnerability described in GLSA-202009-06 GNOME File Roller: Directory traversal It was discovered that GNOME File Roller incorrectly handled symlinks. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround a...
SUSE SLED15 / SLES15 Security Update : file-roller (SUSE-SU-2020:1557-1)
This update for file-roller fixes the following issues : CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink bsc1169428. CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of a...
openSUSE: Security Advisory for file-roller (openSUSE-SU-2020:0825-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES12 Security Update : file-roller (SUSE-SU-2020:1505-1)
This update for file-roller fixes the following issues : Security issue fixed : CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink bsc1169428. Note that Tenable Network Security has extracted the preceding description...
MGASA-2020-0218 Updated file-roller packages fix security vulnerability
Updated the file-roller package in order to fix a security vulnerability: fr-archive-libarchive.c: File Roller lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. Thus, directory traversal is not prevented CVE-2020-11736...