Bugzilla – Bug 1218428
VUL-0: CVE-2023-50255: deepin-compressor: path traversal during file extraction
Last modified: 2024-06-16 08:58:31 UTC
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50255
https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6
https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2
Relevant for:
- openSUSE:Backports:SLE-15-SP4/deepin-compressor
- openSUSE:Backports:SLE-15-SP5/deepin-compressor
- openSUSE:Factory/deepin-compressor
This is an autogenerated message for OBS integration:
This bug (1218428) was mentioned in
https://build.opensuse.org/request/show/1135472 Backports:SLE-15-SP4 / deepin-compressor
https://build.opensuse.org/request/show/1135474 Backports:SLE-15-SP5 / deepin-compressor
https://build.opensuse.org/request/show/1135476 Factory / deepin-compressor
openSUSE-SU-2023:0423-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1218428
CVE References: CVE-2023-50255
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): deepin-compressor-5.12.13-bp155.2.3.1
openSUSE-SU-2023:0424-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1218428
CVE References: CVE-2023-50255
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): deepin-compressor-5.12.2-bp154.2.3.1
Fixed