UbuntuUpdates.org

Package "ark"

Name: ark

Description:

archive utility
Latest version: 4:19.12.3-0ubuntu1.2
Release: focal (20.04)
Level: updates
Repository: universe
Homepage: http://www.kde.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ark"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ark" in Focal

Repository Area Version
base universe 4:19.12.3-0ubuntu1
security universe 4:19.12.3-0ubuntu1.2

Changelog

Version: 4:19.12.3-0ubuntu1.2 2020-09-01 22:06:35 UTC

  ark (4:19.12.3-0ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: maliciously crafted TAR archive with symlinks can
    install files outside the extraction directory. (LP: #1893465)
    - 002-CVE-2020-24654-tar-symlinks-outside-extraction-directory.patch
    - CVE-2020-24654
    - Thanks to Fabian Vogt for reporting this issue and for fixing it.

 -- vishnunaini <email address hidden> Fri, 28 Aug 2020 22:12:54 +0530
Source diff to previous version
1893465 KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.
CVE-2020-24654 RESERVED

Version: 4:19.12.3-0ubuntu1.1 2020-08-18 06:06:21 UTC

  ark (4:19.12.3-0ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Ark: maliciously crafted archive can install
    files outside the extraction directory.
    - 001-maliciously-crafted-archive-can-install-files-outside-the-extraction-directory.patch
    - CVE-2020-16116
    - Thanks to Dominik Penner for finding and reporting this issue and
      thanks to Elvis Angelaccio and Albert Astals Cid for fixing it.

 -- <email address hidden> (v.naini) Thu, 30 Jul 2020 23:10:55 +0530
CVE-2020-16116 In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.


About   -   Send Feedback to @ubuntu_updates