
Ubuntu 20.04 LTS USN-4937-1 Moderate: GNOME Autoar File Overwrite

May 6, 2021
A specially crafted archive file could allow an attacker to replace files through the GNOME Archive Manager on Ubuntu.

Summary

GNOME Autoar could be made to overwrite files.

Software Description:

- gnome-autoar: Archive integration support for GNOME

Details:

Ondrej Holy discovered that GNOME Autoar could extract files outside of the
intended directory. If a user were tricked into extracting a specially
crafted archive, a remote attacker could create files in arbitrary
locations, possibly leading to code execution.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libgnome-autoar-0-0             0.2.4-2ubuntu0.3
  libgnome-autoar-gtk-0-0         0.2.4-2ubuntu0.3

Ubuntu 20.04 LTS:
  libgnome-autoar-0-0             0.2.3-2ubuntu0.3
  libgnome-autoar-gtk-0-0         0.2.3-2ubuntu0.3

Ubuntu 18.04 LTS:
  libgnome-autoar-0-0             0.2.3-1ubuntu0.3
  libgnome-autoar-gtk-0-0         0.2.3-1ubuntu0.3

After a standard system update you need to restart your session to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-4937-1

CVE-2021-28650

Severity
important