You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa file-roller

Sigurnosni nedostatak programskog paketa file-roller

==========================================================================
Ubuntu Security Notice USN-4139-1
September 25, 2019

file-roller vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

File Roller could be made to overwrite sensitive files if it received a
specially crafted TAR file.

Software Description:
– file-roller: archive manager for GNOME

Details:

It was discovered that File Roller incorrectly handled certain TAR files.
An attacker could possibly use this issue to overwrite sensitive files
during extraction.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
file-roller 3.28.0-1ubuntu1.1

Ubuntu 16.04 LTS:
file-roller 3.16.5-0ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4139-1
CVE-2019-16680

Package Information:
https://launchpad.net/ubuntu/+source/file-roller/3.28.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/file-roller/3.16.5-0ubuntu1.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdi2XVAAoJEEW851uECx9pTB0P/0RTVpcrK0vNp/EwH/WRV0tP
ETYRksEiISqi7qtfC5FnVTWzAmF0U3kZ2b1TpYakwmQGdy1NDphNB6uLiKTi9sG0
cesRMKMvvkkkRgPRwjPSLxuCWHq5SJNfUWXIdc2qoFEjzTYzUzV3iv6Ue3xFyFXL
0pmRLwRGNHwxlaE1nhz0lS2foB3seCxV33hKmkPFQgt8mt4uJwAyjRAh6F/2Dmar
au2gUVhQkeZe6q3HFN+kXcraTeWGk2HCnfevoD72cLOSaGw1LKwt+JhtbZIJrpNw
55yKcgHfYmqwVmSfl57VWgebvmi6SRVOzxQ4ONJ0wUIOgUxI3uwRVFfA1lDCtgDo
sfrXxAObkGkVtndDD8HhSuoSlw9uRStcw0tAEbZK4UUERhVLVcLWQgpUsJkAUYlt
tGIT19arBY9W07L28hxmiGuCy4/kMbc05bDOhGv8kx3w721GtF4SIXdjO4RcS2DI
2v+owwTgSh7GCCQor/TMKtp5DHpbGbQi4tpYgIMNA3Z57Ub14UrfL/faCJ6JDq/u
5XYeDOnNwT+ASccLlg3Ay5nSGC/9HUZ9wrb63VwQVRe/H46p+S2acQ/n6qj2Jki0
V0tGnMpL1MKUCZBWgr4Yd/sEialR8X+ypWLVL30+3n763R6ggpAWxG+INSyywaFL
az51TZbEXgK1gr7x+luQ
=KLXv
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija ili stjecanje uvećanih ovlasti....

Close