Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "gir1.2-gnomeautoar-0.1" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "gir1.2-gnomeautoargtk-0.1" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "libgnome-autoar-0-0" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "libgnome-autoar-0-0-dbgsym" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "libgnome-autoar-0-dev" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "libgnome-autoar-doc" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "libgnome-autoar-gtk-0-0" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "libgnome-autoar-gtk-0-0-dbgsym" }, { "binary_version": "0.2.3-1ubuntu0.3", "binary_name": "libgnome-autoar-gtk-0-dev" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "gir1.2-gnomeautoar-0.1" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "gir1.2-gnomeautoargtk-0.1" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "libgnome-autoar-0-0" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "libgnome-autoar-0-0-dbgsym" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "libgnome-autoar-0-dev" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "libgnome-autoar-doc" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "libgnome-autoar-gtk-0-0" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "libgnome-autoar-gtk-0-0-dbgsym" }, { "binary_version": "0.2.3-2ubuntu0.3", "binary_name": "libgnome-autoar-gtk-0-dev" } ] }