Ubuntu alert USN-8307-1 (onnx)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-8307-1] ONNX vulnerability
Date: Tue, 26 May 2026 20:50:38 +0000
Message-ID: <E1wRyjW-0000aa-AW@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-8307-1
May 26, 2026

onnx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

ONNX could be made to overwrite arbitrary files if a user downloaded a
specially crafted model archive.

Software Description:
- onnx: Open Neural Network Exchange

Details:

It was discovered that ONNX did not properly validate paths when extracting
tar archives during model downloads. An attacker could possibly use this
issue to overwrite arbitrary files on the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libonnx1t64                     1.14.1-2.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  python3-onnx                    1.14.1-2.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8307-1
  CVE-2024-5187

Attachment: signature.asc (type=application/pgp-signature)
