========================================================================== Ubuntu Security Notice USN-4461-1 August 18, 2020
ark vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Ark could be made to write files as your login if it opened a specially crafted file. Software Description: - ark: archive utility Details: Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: ark 4:19.12.3-0ubuntu1.1 Ubuntu 18.04 LTS: ark 4:17.12.3-0ubuntu1.1 After a standard system update you need to restart Ark to make all the necessary changes. References: https://usn.ubuntu.com/4461-1 CVE-2020-16116 Package Information: https://launchpad.net/ubuntu/+source/ark/4:19.12.3-0ubuntu1.1 https://launchpad.net/ubuntu/+source/ark/4:17.12.3-0ubuntu1.1
signature.asc
Description: PGP signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
