Date: Wed, 7 Sep 2016 18:10:34 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: "security@...ntu.com" <security@...ntu.com>, Paolo Bacchilega <paobac@....gnome.org>
Subject: CVE Request: File Roller path traversal

File Roller 3.5.4 through 3.20.2 was affected by a path traversal bug that could result in deleted files if a user were tricked into opening a malicious archive.

3.20.3 news: http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
3.21.90 news: http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news

Distro bug: https://launchpad.net/bugs/1171236
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554

Introduced by: https://git.gnome.org/browse/file-roller/commit/?id=34b64f3a897c4b4e8e180c028f326bc921eb08ec
Fixed by: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5

= Setup =

Create /dev/shm/will-be-emptied/important.txt which will act as an important file that we wouldn't want to lose.

 $ mkdir -p /dev/shm/will-be-emptied/
 $ echo data > /dev/shm/will-be-emptied/important.txt

= Test =

1. Open the attached links.tar with File Roller

 $ file-roller links.tar

2. Double-click either of the "absolute" or "relative" files

3. Close the opened Nautilus window as well as the File Roller window

4. Check to see if /dev/shm/will-be-emptied/important.txt has been unintentionally deleted

Tyler

Download attachment "links.tar" of type "application/x-tar" (10240 bytes)
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
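An added example, not part of Tyler's report and not File Roller's code: a Python check for the archive-side condition the report describes, tar members whose name, hard-link target or symlink target resolves outside the directory the archive is unpacked into. It assumes the "absolute" and "relative" entries in links.tar are symlinks with those target styles; the sample archive below is constructed inline and is not the attached file.

```python
import io
import posixpath
import tarfile


def _escapes(root, path):
    """True if `path`, joined onto `root` and normalised, leaves `root`."""
    if path.startswith("/"):  # an absolute name or link target never stays inside
        return True
    joined = posixpath.normpath(posixpath.join(root, path))
    return joined != root and not joined.startswith(root + "/")


def unsafe_members(archive_bytes, root="extract"):
    """Return [(member name, reason)] for entries that would escape `root`:
    ../ in member names, hard links (target relative to the archive root)
    and symlinks (target relative to the link's own directory)."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for m in tar.getmembers():
            if _escapes(root, m.name):
                findings.append((m.name, "name escapes extraction root"))
            elif m.islnk() and _escapes(root, m.linkname):
                findings.append((m.name, "hard link target escapes root"))
            elif m.issym():
                # join() discards the directory part when linkname is absolute
                target = posixpath.join(posixpath.dirname(m.name), m.linkname)
                if _escapes(root, target):
                    findings.append((m.name, "symlink target escapes root"))
    return findings


def build_sample():
    """Constructed sample archive (not the attached links.tar): one regular
    file, one safe symlink, and two symlinks that point outside the root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"data\n"
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, target in [("docs/alias", "readme.txt"),
                             ("absolute", "/dev/shm/will-be-emptied"),
                             ("relative", "../../will-be-emptied")]:
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = target
            tar.addfile(link)
    return buf.getvalue()
```

Running `unsafe_members(build_sample())` flags only the "absolute" and "relative" entries; a tool that refuses such members before extracting (or before cleaning up a temporary extraction directory) never has a link to follow out of its own tree.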