Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 20.10, 20.04 LTS Critical: USN-4733-1 GNOME Autoar File Overwrite

ubuntu
Calendar Grey February 11, 2021
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-4733-1 informs about a GNOME Autoar vulnerability that could result in unintended file replacements, along with crucial updates to mitigate security threats
GNOME Autoar could be made to overwrite files.

Summary

GNOME Autoar could be made to overwrite files.

Software Description:

- gnome-autoar: Archive integration support for GNOME

Details:

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside

of the intended directory. If a user were tricked into extracting a

specially crafted archive, a remote attacker could create files in

arbitrary locations, possibly leading to code execution.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libgnome-autoar-0-0             0.2.4-2ubuntu0.1
  libgnome-autoar-gtk-0-0         0.2.4-2ubuntu0.1

Ubuntu 20.04 LTS:
  libgnome-autoar-0-0             0.2.3-2ubuntu0.1
  libgnome-autoar-gtk-0-0         0.2.3-2ubuntu0.1

Ubuntu 18.04 LTS:
  libgnome-autoar-0-0             0.2.3-1ubuntu0.1
  libgnome-autoar-gtk-0-0         0.2.3-1ubuntu0.1

After a standard system update you need to restart your session to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4733-1

CVE-2020-36241

Severity
critical
Lowest
Low
Medium
High
Critical

February 11, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.