USN-4832-1: Plexus Archiver vulnerability
15 March 2021
Plexus Archiver could be made to overwrite files if it received specially crafted Zip file.
Releases
Packages
- plexus-archiver - A collection of Plexus components for handling archives
Details
It was discovered that Plexus Archiver incorrectly handled directory
traversal during extraction. An attacker could possibly use this for a
Zip-Slip attack.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libplexus-archiver-java
-
3.5-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.