Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 618
Alerts This Week
Warning Icon 1 618

Ubuntu 20.04 LTS: 4764-1 Moderate: GLib Archive File Creation Risk

ubuntu
Calendar Grey March 15, 2021
Dist Ubuntu Esm H88
Serious vulnerability found in GLib impacts various Ubuntu versions, enabling the risk of unauthorized file creations via compressed archives.
GLib could be made to create files if it opened a specially crafted archive.

Summary

GLib could be made to create files if it opened a specially crafted

archive.

Software Description:

- glib2.0: GLib library of C routines

Details:

It was discovered that GLib incorrectly handled certain symlinks when

replacing files. If a user or automated system were tricked into extracting

a specially crafted file with File Roller, a remote attacker could possibly

create files outside of the intended directory.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libglib2.0-0                    2.66.1-2ubuntu0.2

Ubuntu 20.04 LTS:
  libglib2.0-0                    2.64.6-1~ubuntu20.04.3

Ubuntu 18.04 LTS:
  libglib2.0-0                    2.56.4-0ubuntu0.18.04.8

Ubuntu 16.04 LTS:
  libglib2.0-0                    2.48.2-0ubuntu4.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4764-1

CVE-2021-28153

Severity
important
Lowest
Low
Medium
High
Critical

March 15, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.