Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Ubuntu 22.04 LTS USN-7030-1 Moderate: py7zr Path Traversal Risk

Calendar Sep 24, 2024 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate ubuntu path traversal arbitrary file py7zr
py7zr could be made to create arbitrary files when extracting the contents of a specially crafted 7z archive. 
==========================================================================
Ubuntu Security Notice USN-7030-1
September 24, 2024

py7zr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

py7zr could be made to create arbitrary files when extracting the contents
of a specially crafted 7z archive.

Software Description:
- py7zr: Pure Python 7-zip library

Details:

It was discovered that py7zr was vulnerable to path traversal attacks.
If a user or automated system were tricked into extracting a specially
crafted 7z archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   python3-py7zr                   0.11.3+dfsg-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7030-1
   CVE-2022-44900

Package Information:
   https://launchpad.net/ubuntu/+source/py7zr/0.11.3+dfsg-4ubuntu0.1

Ubuntu 22.04 LTS USN-7030-1 Moderate: py7zr Path Traversal Risk

ubuntu
Calendar Grey September 24, 2024
Dist Ubuntu Esm H88
To bolster your Ubuntu system's security, tackle the py7zr vulnerability that might permit unauthorized file creation. Run the following commands to update and resolve this issue
py7zr could be made to create arbitrary files when extracting the contents of a specially crafted 7z archive.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: py7zr could be made to create arbitrary files when extracting the contents of a specially crafted 7z archive. Software Description: - py7zr: Pure Python 7-zip library Details: It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host.

Topics%20covered

Topics Covered

security advisory moderate ubuntu path traversal arbitrary file py7zr

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS python3-py7zr 0.11.3+dfsg-4ubuntu0.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7030-1

CVE-2022-44900

Ubuntu Security Notice USN-7030-1

Topics%20covered

Topics Covered

security advisory moderate ubuntu path traversal arbitrary file py7zr

Package Information

https://launchpad.net/ubuntu/+source/py7zr/0.11.3+dfsg-4ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here