USN-3074-1: File Roller vulnerability
Ubuntu Security Notice USN-3074-1
8th September, 2016
file-roller vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
File Roller could be made to delete files.
Software description
- file-roller
– archive manager for GNOME
Details
It was discovered that File Roller incorrectly handled symlinks. If a user were
tricked into extracting a specially-crafted archive, an attacker could delete
files outside of the extraction directory.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
-
file-roller
3.16.5-0ubuntu1.2
- Ubuntu 14.04 LTS:
-
file-roller
3.10.2.1-0ubuntu4.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
Source: USN-3074-1: File Roller vulnerability
