Arch Linux Security Advisory ASA-201609-5 ========================================= Severity: Medium Date : 2016-09-09 CVE-ID : CVE-2016-7162 Package : file-roller Type : directory traversal Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package file-roller before version 3.20.3-1 is vulnerable to directory traversal. Resolution ========== Upgrade to 3.20.3-1. # pacman -Syu "file-roller>=3.20.3-1" The problem has been fixed upstream in version 3.20.3. Workaround ========== None. Description =========== File Roller was affected by a directory traversal bug that could result in deleted files if a user were tricked into opening a malicious archive. Impact ====== An attacker is able to create a specially crafted archive that results in deleted files if a user were tricked into opening it. References ========== https://access.redhat.com/security/cve/CVE-2016-7162 http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3... http://seclists.org/oss-sec/2016/q3/436