USN-4733-1: GNOME Autoar vulnerability

11 February 2021

GNOME Autoar could be made to overwrite files.

Releases

Packages

Details

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside
of the intended directory. If a user were tricked into extracting a
specially crafted archive, a remote attacker could create files in
arbitrary locations, possibly leading to code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04

After a standard system update you need to restart your session to make
all the necessary changes.

References