Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-7162

Published: 8 September 2016

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Notes

Author	Note
tyhicks	Affected releases are 3.5.4 through 3.20.2

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
file-roller Launchpad, Ubuntu, Debian	precise	Not vulnerable (3.4.1-0ubuntu1)
	trusty	Does not exist (trusty was released [3.10.2.1-0ubuntu4.2])
	upstream	Released (3.20.3)
	xenial	Released (3.16.5-0ubuntu1.2)
	Patches: upstream: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading