Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-7162

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Related bugs and status

CVE-2016-7162 (Candidate) is related to these bugs:

Bug #1171236: file-roller may delete the content of linked folder

		In	Importance	Status
1171236	file-roller may delete the content of linked folder	file-roller (Ubuntu)	High	Fix Released
1171236	file-roller may delete the content of linked folder	File Roller	High	Fix Released
1171236	file-roller may delete the content of linked folder	file-roller (Ubuntu Xenial)	Medium	Fix Released
1171236	file-roller may delete the content of linked folder	file-roller (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016090...
CONFIRM: http://ftp.gnome.org/m...
CONFIRM: http://ftp.gnome.org/m...
CONFIRM: https://bugzilla.gnome...
CONFIRM: https://git.gnome.org/...
UBUNTU: USN-3074-1
BID: 92896