Lucene search

UbuntuUSN-4764-1

HistoryMar 15, 2021 - 12:00 a.m.

GLib vulnerability

2021-03-1500:00:00

ubuntu.com

122

glib

ubuntu

file roller

symlink

remote attacker

security issue

directory escape

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.013

Percentile

86.0%

JSON

Releases

Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

glib2.0 - GLib library of C routines

Details

It was discovered that GLib incorrectly handled certain symlinks when
replacing files. If a user or automated system were tricked into extracting
a specially crafted file with File Roller, a remote attacker could possibly
create files outside of the intended directory.

OSVersionArchitecturePackageVersionFilename
Ubuntu20.10noarchlibglib2.0-0< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-0-dbgsym< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-bin< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-bin-dbgsym< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-data< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-dev< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-dev-bin< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-dev-bin-dbgsym< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-doc< 2.66.1-2ubuntu0.2UNKNOWN
Ubuntu20.10noarchlibglib2.0-tests< 2.66.1-2ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.10	noarch	libglib2.0-0	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-0-dbgsym	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-bin	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-bin-dbgsym	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-data	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-dev	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-dev-bin	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-dev-bin-dbgsym	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-doc	< 2.66.1-2ubuntu0.2	UNKNOWN
Ubuntu	20.10	noarch	libglib2.0-tests	< 2.66.1-2ubuntu0.2	UNKNOWN