USN-4937-1: GNOME Autoar vulnerability

06 May 2021

GNOME Autoar could be made to overwrite files.

Releases

Packages

Details

Ondrej Holy discovered that GNOME Autoar could extract files outside of the
intended directory. If a user were tricked into extracting a specially
crafted archive, a remote attacker could create files in arbitrary
locations, possibly leading to code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04

After a standard system update you need to restart your session to make all
the necessary changes.

References