Upstream information

CVE-2015-0552 at MITRE

Description

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via a crafted path in a CAB file, as demonstrated by "\tmp\moo."

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

CVSS v2 Scores (National Vulnerability Database)

  • Base Score: 6.4
  • Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entry: 911814 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Desktop Applications 15
  • gcab >= 1.1-1.15
  • gcab-devel >= 1.1-1.15
  • gcab-lang >= 1.1-1.15
  • libgcab-1_0-0 >= 1.1-1.15
  • typelib-1_0-GCab-1_0 >= 1.1-1.15
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA gcab
openSUSE 13.1
  • gcab >= 0.4-2.4.1
  • gcab-debuginfo >= 0.4-2.4.1
  • gcab-debugsource >= 0.4-2.4.1
  • gcab-devel >= 0.4-2.4.1
  • gcab-lang >= 0.4-2.4.1
  • libgcab-1_0-0 >= 0.4-2.4.1
  • libgcab-1_0-0-debuginfo >= 0.4-2.4.1
Patchnames:
openSUSE-2015-13
openSUSE Leap 15.0
  • gcab >= 1.1-lp150.1.2
  • gcab-lang >= 1.1-lp150.1.2
  • libgcab-1_0-0 >= 1.1-lp150.1.2
Patchnames:
openSUSE Leap 15.0 GA gcab
openSUSE Leap 42.1
  • gcab >= 0.6-4.2
  • gcab-lang >= 0.6-4.2
  • libgcab-1_0-0 >= 0.6-4.2
Patchnames:
openSUSE Leap 42.1 GA gcab
openSUSE Leap 42.2
  • gcab >= 0.6-5.4
  • gcab-lang >= 0.6-5.4
  • libgcab-1_0-0 >= 0.6-5.4
Patchnames:
openSUSE Leap 42.2 GA gcab
openSUSE Leap 42.3
  • gcab >= 0.6-7.4
  • gcab-lang >= 0.6-7.4
  • libgcab-1_0-0 >= 0.6-7.4
Patchnames:
openSUSE Leap 42.3 GA gcab
openSUSE Tumbleweed
  • gcab >= 0.7-1.5
  • gcab-devel >= 0.7-1.5
  • gcab-lang >= 0.7-1.5
  • libgcab-1_0-0 >= 0.7-1.5
Patchnames:
openSUSE Tumbleweed GA gcab