vulnerability

Ubuntu: USN-4733-2: GNOME Autoar regression

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:N)	Mar 8, 2021	Mar 9, 2021	Feb 19, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:N)

Published

Mar 8, 2021

Added

Mar 9, 2021

Modified

Feb 19, 2025

Description

USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem.

Original advisory details:

YiÄŸit Can YÄ±lmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.

Solutions

ubuntu-upgrade-libgnome-autoar-0-0ubuntu-upgrade-libgnome-autoar-gtk-0-0

References

UBUNTU-USN-4733-1
UBUNTU-USN-4733-2

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today