What is the severity of CVE-2016-7162?

CVE-2016-7162 is classified as a medium severity vulnerability due to the risk of arbitrary file deletion through symlink attacks.

How do I fix CVE-2016-7162?

To fix CVE-2016-7162, upgrade File Roller to version 3.20.3 or later.

What impact does CVE-2016-7162 have on Ubuntu Linux?

CVE-2016-7162 allows remote attackers to delete arbitrary files on systems running vulnerable versions of File Roller in Ubuntu Linux.

Which versions of File Roller are affected by CVE-2016-7162?

CVE-2016-7162 affects File Roller versions from 3.5.4 up to and including 3.20.2.

Can CVE-2016-7162 be exploited remotely?

Yes, CVE-2016-7162 can be exploited remotely via symlink attacks on folders in archives.

Vulnerability/
CVE-2016-7162

high

7.5

CWE

26/9/2016

6/8/2024

CVE-2016-7162: Input Validation

First published: Mon Sep 26 2016(Updated: )

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ubuntu	=14.04
Ubuntu	=16.04
GNOME File Roller	=3.5.4
GNOME File Roller	=3.6.0
GNOME File Roller	=3.6.1
GNOME File Roller	=3.6.1.1
GNOME File Roller	=3.6.2
GNOME File Roller	=3.6.3
GNOME File Roller	=3.6.4
GNOME File Roller	=3.8.0
GNOME File Roller	=3.8.1
GNOME File Roller	=3.8.2
GNOME File Roller	=3.8.3
GNOME File Roller	=3.9.0
GNOME File Roller	=3.9.1
GNOME File Roller	=3.9.2
GNOME File Roller	=3.9.3
GNOME File Roller	=3.10
GNOME File Roller	=3.15
GNOME File Roller	=3.20
GNOME File Roller	=3.20.1
GNOME File Roller	=3.20.2

Remedy

https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-7162?
CVE-2016-7162 is classified as a medium severity vulnerability due to the risk of arbitrary file deletion through symlink attacks.
How do I fix CVE-2016-7162?
To fix CVE-2016-7162, upgrade File Roller to version 3.20.3 or later.
What impact does CVE-2016-7162 have on Ubuntu Linux?
CVE-2016-7162 allows remote attackers to delete arbitrary files on systems running vulnerable versions of File Roller in Ubuntu Linux.
Which versions of File Roller are affected by CVE-2016-7162?
CVE-2016-7162 affects File Roller versions from 3.5.4 up to and including 3.20.2.
Can CVE-2016-7162 be exploited remotely?
Yes, CVE-2016-7162 can be exploited remotely via symlink attacks on folders in archives.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/references
agent/weakness
agent/last-modified-date
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/canonical
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
vendor/file roller project
canonical/gnome file roller
version/gnome file roller/3.5.4
version/gnome file roller/3.6.0
version/gnome file roller/3.6.1
version/gnome file roller/3.6.1.1
version/gnome file roller/3.6.2
version/gnome file roller/3.6.3
version/gnome file roller/3.6.4
version/gnome file roller/3.8.0
version/gnome file roller/3.8.1
version/gnome file roller/3.8.2
version/gnome file roller/3.8.3
version/gnome file roller/3.9.0
version/gnome file roller/3.9.1
version/gnome file roller/3.9.2
version/gnome file roller/3.9.3
version/gnome file roller/3.10
version/gnome file roller/3.15
version/gnome file roller/3.20
version/gnome file roller/3.20.1
version/gnome file roller/3.20.2