vulnerability
Rocky Linux: CVE-2021-28650: GNOME (RLSA-2021-4381)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Mar 17, 2021 | Mar 12, 2024 | Nov 20, 2024 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 17, 2021
Added
Mar 12, 2024
Modified
Nov 20, 2024
Description
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.
Solution(s)
rocky-upgrade-accountsservicerocky-upgrade-accountsservice-debuginforocky-upgrade-accountsservice-debugsourcerocky-upgrade-accountsservice-develrocky-upgrade-accountsservice-libsrocky-upgrade-accountsservice-libs-debuginforocky-upgrade-gdmrocky-upgrade-gdm-debuginforocky-upgrade-gdm-debugsourcerocky-upgrade-gnome-autoarrocky-upgrade-gnome-autoar-debuginforocky-upgrade-gnome-autoar-debugsourcerocky-upgrade-gnome-calculatorrocky-upgrade-gnome-calculator-debuginforocky-upgrade-gnome-calculator-debugsourcerocky-upgrade-gnome-control-centerrocky-upgrade-gnome-control-center-debuginforocky-upgrade-gnome-control-center-debugsourcerocky-upgrade-gnome-online-accountsrocky-upgrade-gnome-online-accounts-debuginforocky-upgrade-gnome-online-accounts-debugsourcerocky-upgrade-gnome-online-accounts-develrocky-upgrade-gnome-sessionrocky-upgrade-gnome-session-debuginforocky-upgrade-gnome-session-debugsourcerocky-upgrade-gnome-session-kiosk-sessionrocky-upgrade-gnome-session-wayland-sessionrocky-upgrade-gnome-session-xsessionrocky-upgrade-gnome-settings-daemonrocky-upgrade-gnome-settings-daemon-debuginforocky-upgrade-gnome-settings-daemon-debugsourcerocky-upgrade-gnome-shellrocky-upgrade-gnome-shell-debuginforocky-upgrade-gnome-shell-debugsourcerocky-upgrade-gnome-softwarerocky-upgrade-gnome-software-debuginforocky-upgrade-gnome-software-debugsourcerocky-upgrade-gnome-software-develrocky-upgrade-gsettings-desktop-schemasrocky-upgrade-gsettings-desktop-schemas-develrocky-upgrade-gtk-update-icon-cacherocky-upgrade-gtk-update-icon-cache-debuginforocky-upgrade-gtk3rocky-upgrade-gtk3-debuginforocky-upgrade-gtk3-debugsourcerocky-upgrade-gtk3-develrocky-upgrade-gtk3-devel-debuginforocky-upgrade-gtk3-immodule-ximrocky-upgrade-gtk3-immodule-xim-debuginforocky-upgrade-librawrocky-upgrade-libraw-debuginforocky-upgrade-libraw-debugsourcerocky-upgrade-libraw-develrocky-upgrade-mutterrocky-upgrade-mutter-debuginforocky-upgrade-mutter-debugsourcerocky-upgrade-mutter-develrocky-upgrade-vinorocky-upgrade-vino-debuginforocky-upgrade-vino-debugsourcerocky-upgrade-webkit2gtk3rocky-upgrade-webkit2gtk3-debuginforocky-upgrade-webkit2gtk3-debugsourcerocky-upgrade-webkit2gtk3-develrocky-upgrade-webkit2gtk3-devel-debuginforocky-upgrade-webkit2gtk3-jscrocky-upgrade-webkit2gtk3-jsc-debuginforocky-upgrade-webkit2gtk3-jsc-develrocky-upgrade-webkit2gtk3-jsc-devel-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.