[SECURITY] Fedora 19 Update: file-roller-3.8.3-1.fc19

updates at fedoraproject.org updates at fedoraproject.org
Tue Jul 16 01:30:02 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-12667
2013-07-09 23:56:50
--------------------------------------------------------------------------------

Name        : file-roller
Product     : Fedora 19
Version     : 3.8.3
Release     : 1.fc19
URL         : http://download.gnome.org/sources/file-roller/
Summary     : Tool for viewing and creating archives
Description :
File Roller is an application for creating and viewing archives files,
such as tar or zip files.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2013-4668:

The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization.

A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behaviour is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  8 2013 Matthias Clasen <mclasen at redhat.com> - 3.8.3-1
- Update to 3.8.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #981471 - CVE-2013-4668 file-roller: path sanitization errors
        https://bugzilla.redhat.com/show_bug.cgi?id=981471
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update file-roller' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list