This bug was fixed in the package ark - 4:17.12.3-0ubuntu1.2
---------------
ark (4:17.12.3-0ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: maliciously crafted TAR archive with symlinks can
install files outside the extraction directory. (LP: #1893465)
- 002-CVE-2020-24654-tar-symlinks-outside-extraction-directory.patch
- CVE-2020-24654
- Thanks to Fabian Vogt for reporting this issue and for fixing it.
-- vishnunaini <[email protected]> Fri, 28 Aug 2020 22:12:54
+0530
** Changed in: ark (Ubuntu Bionic)
Status: New => Fix Released
** Changed in: ark (Ubuntu Focal)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1893465
Title:
KDE Project Security Advisory: Ark: maliciously crafted TAR archive
with symlinks can install files outside the extraction directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1893465/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs