file-roller is vulnerable to an arbitrary file write. The vulnerability is triggered through a directory symlink that points outside of the target directory.
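A defensive pre-extraction check for the pattern described above, as an added example (not code from file-roller or from its fix): it walks a tar archive's entries in order and reports any entry that would be created through an archived symlink resolving outside the target directory. The function names, the use of tar as the archive format, and the sample entries are assumptions made for illustration.

```python
import io
import tarfile

def resolve(path, links, hops=40):
    """Resolve path against symlinks seen so far; None if it leaves the root."""
    if path.startswith("/"):
        return None
    out, parts = [], path.split("/")
    while parts:
        part = parts.pop(0)
        if part == "..":
            if not out:
                return None  # climbed above the extraction root
            out.pop()
        elif part not in ("", "."):
            out.append(part)
            target = links.get("/".join(out))
            if target is not None:  # this component is an archived symlink
                hops -= 1
                if hops < 0 or target.startswith("/"):
                    return None  # link loop or absolute target
                out.pop()  # relative targets resolve from the link's parent
                parts = target.split("/") + parts
    return "/".join(out)

def escaping_members(tar):
    """Names of entries that would be created outside the extraction root.

    A symlink entry is created in its parent; other entries follow the full path.
    """
    links, flagged = {}, []
    for m in tar.getmembers():
        parent, _, leaf = m.name.rstrip("/").rpartition("/")
        where = resolve(parent if m.issym() else m.name, links)
        if where is None:
            flagged.append(m.name)
        elif m.issym():
            links[f"{where}/{leaf}" if where else leaf] = m.linkname
    return flagged

# Constructed sample entries (name, symlink target or None); not a real archive.
SAMPLE = [("docs/readme.txt", None), ("docs/cache", "../../outside-target"),
          ("docs/cache/note.txt", None), ("docs/alias", "cache"), ("docs/alias/b.txt", None)]

def build_sample():
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in SAMPLE:
            info = tarfile.TarInfo(name)
            if link:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info)
    return tarfile.open(fileobj=io.BytesIO(buf.getvalue()))
```

An archive for which `escaping_members` returns a non-empty list should be rejected or extracted without following the listed links.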
| CPE | Name | Operator | Version |
|---|---|---|---|
| | file-roller | eq | 3.28.1__1.el8 |
| | file-roller | eq | 3.28.1__2.el8 |
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
access.redhat.com/errata/RHSA-2020:4820
access.redhat.com/security/updates/classification/#moderate
gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
lists.debian.org/debian-lts-announce/2020/04/msg00013.html
security.gentoo.org/glsa/202009-06
usn.ubuntu.com/4332-1/
usn.ubuntu.com/4332-2/