[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 596-1] extplorer security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : extplorer
Version        : 2.1.0b6+dfsg.3-4+deb7u4
CVE ID         : CVE-2016-4313

It was discovered that there was an archive traversal exploit in eXtplorer,
a web-based file manager.

The unzip/extract feature allowed for path traversal as decompressed files
can be placed outside of the intended target directory if the archive
content contained "../" characters.

For Debian 7 "Wheezy", this issue has been fixed in extplorer version
2.1.0b6+dfsg.3-4+deb7u4.

We recommend that you upgrade your extplorer packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJXskJOAAoJEB6VPifUMR5Y7FsP/Ap8+dtoh5Cu6V4kzEJytxl5
Uh5/vS5wU/IeP6sl7qSlfcWQTAksMFqi1A/DVWyQe4yQ894AK71oYqH2pdiDen1o
4KuuiS0SyWPUnQDMjuKJyhuTUglf8OEZWlqqaZl6CSBV/bD2aMvUCY/3rVb1gSzZ
pVSP8FthxnBGN3ryATgTfRaZ7QGfL9Xy1sUB5kMJUkk2ThldTGyneCgUO+nrSMsa
Zd467RFBCWmch5eyOfDKOiSZi32+8IcyleMYwFI+A97WNmtbjQAFzQAjxeN0aLtw
3GE+2qsSPBh0WETMX+23kMbQUkR9W9H5CXCHBgxonvB7iXL574iaDChYdQ0T8MTR
uiBnb5lC6J2mPfwGaTHKGW6vK25yo7OAwfy/N5mwz4Sk+A4l/AQHPCUVThQSgLu0
FMgkKhOLCO2zf7BM9yYLWvOkx/HQc73PohUZPafG15J2KLCTizbbw2JDz3CaA6/R
a18Oog7EAJ7xk+y6aKWlxOjtLn+i1rJPrSKIVLyjce98Z8U4v/pXtZehamMpixD5
Uq7W1cemUCoirdA2hvs8DTV2ZHAtUEGZl0T0ZR5D4oi6NtuDUXzGenkYwlsK1gSn
tmy1Q7QPG9Vm6l6+aZsRnLOPKfpniDJ7kpXBFdsjlnpUuUn0NtJ+f+MqWIvltN85
JFCAg5yEd7d6ahRBBAmF
=w8ij
-----END PGP SIGNATURE-----


Reply to: