vulnerability

Ubuntu: USN-4733-2: GNOME Autoar regression

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:N)	2021-03-08	2021-03-09	2025-02-19

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:N)

Published

2021-03-08

Added

2021-03-09

Modified

2025-02-19

Description

USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem.

Original advisory details:

YiÄŸit Can YÄ±lmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.

Solution(s)

ubuntu-upgrade-libgnome-autoar-0-0ubuntu-upgrade-libgnome-autoar-gtk-0-0

References

UBUNTU-USN-4733-1
UBUNTU-USN-4733-2

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today