Your submission was sent successfully! Close

USN-4764-1: GLib vulnerability

15 March 2021

GLib could be made to create files if it opened a specially crafted archive.

Releases

Packages

  • glib2.0 - GLib library of C routines

Details

It was discovered that GLib incorrectly handled certain symlinks when
replacing files. If a user or automated system were tricked into extracting
a specially crafted file with File Roller, a remote attacker could possibly
create files outside of the intended directory.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References