USN-4733-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-4733-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4733-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4733-1
- Related
- Published
- 2021-02-11T12:46:24.575502Z
- Modified
- 2021-02-11T12:46:24.575502Z
- Summary
- gnome-autoar vulnerability
- Details
-
Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.
- References
Affected packages
Ubuntu:18.04:LTS / gnome-autoar
Package
- Name
- gnome-autoar
- Purl
- pkg:deb/ubuntu/gnome-autoar@0.2.3-1ubuntu0.1?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.2.3-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"libgnome-autoar-gtk-0-dev": "0.2.3-1ubuntu0.1",
"libgnome-autoar-0-dev": "0.2.3-1ubuntu0.1",
"gir1.2-gnomeautoargtk-0.1": "0.2.3-1ubuntu0.1",
"libgnome-autoar-gtk-0-0": "0.2.3-1ubuntu0.1",
"libgnome-autoar-doc": "0.2.3-1ubuntu0.1",
"libgnome-autoar-gtk-0-0-dbgsym": "0.2.3-1ubuntu0.1",
"libgnome-autoar-0-0-dbgsym": "0.2.3-1ubuntu0.1",
"libgnome-autoar-0-0": "0.2.3-1ubuntu0.1",
"gir1.2-gnomeautoar-0.1": "0.2.3-1ubuntu0.1"
}
]
}
Ubuntu:20.04:LTS / gnome-autoar
Package
- Name
- gnome-autoar
- Purl
- pkg:deb/ubuntu/gnome-autoar@0.2.3-2ubuntu0.1?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.2.3-2ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"libgnome-autoar-gtk-0-dev": "0.2.3-2ubuntu0.1",
"libgnome-autoar-0-dev": "0.2.3-2ubuntu0.1",
"gir1.2-gnomeautoargtk-0.1": "0.2.3-2ubuntu0.1",
"libgnome-autoar-gtk-0-0": "0.2.3-2ubuntu0.1",
"libgnome-autoar-doc": "0.2.3-2ubuntu0.1",
"libgnome-autoar-gtk-0-0-dbgsym": "0.2.3-2ubuntu0.1",
"libgnome-autoar-0-0-dbgsym": "0.2.3-2ubuntu0.1",
"libgnome-autoar-0-0": "0.2.3-2ubuntu0.1",
"gir1.2-gnomeautoar-0.1": "0.2.3-2ubuntu0.1"
}
]
}