Ubuntu Security Notice 4937-2 - USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Various other issues were also addressed.
97c5b3c3e58430ec97755f5199d1f875e758fab3b49cf93d3fdab34352a6ef59