Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 20.10, 20.04, 18.04: USN-4733-2 Regression Fix for GNOME Autoar

ubuntu
Calendar Grey March 8, 2021
Dist Ubuntu Esm H88
Addresses USN-4733-2 concerning GNOME Autoar, rectifying a regression problem that influences several Ubuntu versions while enhancing overall security.
USN-4733-1 introduced a regression in GNOME Autoar.

Summary

USN-4733-1 introduced a regression in GNOME Autoar.

Software Description:

- gnome-autoar: Archive integration support for GNOME

Details:

USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix

introduced a regression when extracting archives containing directories.

This update fixes the problem.

Original advisory details:

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside

of the intended directory. If a user were tricked into extracting a

specially crafted archive, a remote attacker could create files in

arbitrary locations, possibly leading to code execution.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libgnome-autoar-0-0             0.2.4-2ubuntu0.2
  libgnome-autoar-gtk-0-0         0.2.4-2ubuntu0.2

Ubuntu 20.04 LTS:
  libgnome-autoar-0-0             0.2.3-2ubuntu0.2
  libgnome-autoar-gtk-0-0         0.2.3-2ubuntu0.2

Ubuntu 18.04 LTS:
  libgnome-autoar-0-0             0.2.3-1ubuntu0.2
  libgnome-autoar-gtk-0-0         0.2.3-1ubuntu0.2

After a standard system update you need to restart your session to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4733-1

https://bugs.launchpad.net/ubuntu/+source/gnome-autoar/+bug/1917812

Severity
critical
Lowest
Low
Medium
High
Critical

March 08, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.