
Ubuntu 21.04 USN-4937-2 Critical: GNOME Autoar Extraction Issue

June 7, 2021
USN-4937-2 addresses a regression in GNOME Autoar that was introduced by USN-4937-1. Update to the package versions listed below to ensure your system is current.
Summary

USN-4937-1 introduced a regression in GNOME Autoar.

Software Description:

- gnome-autoar: Archive integration support for GNOME

Details:

USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a
regression when extracting certain archives. This update fixes the problem.

Original advisory details:

Ondrej Holy discovered that GNOME Autoar could extract files outside of the
intended directory. If a user were tricked into extracting a specially
crafted archive, a remote attacker could create files in arbitrary
locations, possibly leading to code execution.
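
The issue described above is an archive entry that resolves outside the extraction directory. The following pre-extraction check is an added example, not gnome-autoar's own code (which is C); it uses Python's tarfile module, and the function names, the destination path and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import tarfile


def escapes(dest, path):
    """True if `path`, joined to `dest`, resolves outside `dest` (absolute paths included)."""
    dest = os.path.abspath(dest)
    target = os.path.normpath(os.path.join(dest, path))
    return os.path.commonpath([dest, target]) != dest


def unsafe_members(tar, dest):
    """Return (name, reason) for every entry that could write outside dest."""
    findings = []
    links = set()  # symlink entries seen so far, as normalized relative paths
    for m in tar.getmembers():
        name = os.path.normpath(m.name)
        if escapes(dest, m.name):
            findings.append((m.name, "path outside destination"))
            continue
        # Conservative: an entry below an earlier symlink follows that link on disk.
        parts = name.split(os.sep)
        if any(os.sep.join(parts[:i]) in links for i in range(1, len(parts))):
            findings.append((m.name, "written through archive symlink"))
            continue
        if m.issym() or m.islnk():
            # Symlink targets are relative to the link's directory,
            # hard-link targets to the archive root.
            base = os.path.dirname(name) if m.issym() else ""
            if escapes(dest, os.path.join(base, m.linkname)):
                findings.append((m.name, "link target outside destination"))
            if m.issym():
                links.add(name)
    return findings


def sample_archive():
    """Constructed test archive, built in memory; nothing is written to disk."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in [("docs/readme.txt", None), ("../outside.txt", None),
                           ("/abs.txt", None), ("exit", "../.."), ("exit/file.txt", None)]:
            info = tarfile.TarInfo(name)
            if link:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info, None if link else io.BytesIO(b""))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Calling unsafe_members(sample_archive(), "/srv/extract") reads only the archive headers and flags every entry except docs/readme.txt.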

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libgnome-autoar-0-0             0.3.1-1ubuntu0.1
  libgnome-autoar-gtk-0-0         0.3.1-1ubuntu0.1

Ubuntu 20.10:
  libgnome-autoar-0-0             0.2.4-2ubuntu0.4
  libgnome-autoar-gtk-0-0         0.2.4-2ubuntu0.4

Ubuntu 20.04 LTS:
  libgnome-autoar-0-0             0.2.3-2ubuntu0.4
  libgnome-autoar-gtk-0-0         0.2.3-2ubuntu0.4

Ubuntu 18.04 LTS:
  libgnome-autoar-0-0             0.2.3-1ubuntu0.4
  libgnome-autoar-gtk-0-0         0.2.3-1ubuntu0.4

After a standard system update you need to restart your session to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-4937-2

https://bugs.launchpad.net/ubuntu/+source/gnome-autoar/+bug/1929304

Severity
critical
