CVE-2016-7162 – Ubuntu Security Notice USN-3074-1

https://notcve.org/view.php?id=CVE-2016-7162

09 Sep 2016 — The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. La función _g_file_remove_directory en file-utils.c en File Roller 3.5.4 hasta la versión 3.20.2 permite a atacantes remotos eliminar archivos arbitrarios a través de un ataque de enlace simbólico en una carpeta en un archivo. It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extr... • http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news • CWE-20: Improper Input Validation •