Advisories ยป MGASA-2013-0232

Updated file-roller package fixes CVE-2013-4668

Publication date: 26 Jul 2013
Modification date: 26 Jul 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4668

Description

Updated file-roller package fixes security vulnerability:

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4 when
libarchive is used, allows remote attackers to create arbitrary files via a
crafted archive that is not properly handled in a "Keep directory structure"
action, related to fr-archive-libarchive.c and fr-window.c (CVE-2013-4668).
                

References

SRPMS

3/core