Debian: DSA-4759-1: ark security update
Debian: DSA-4759-1: ark security update
Fabian Vogt reported that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory.
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4759-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso September 04, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ark CVE ID : CVE-2020-24654 Debian Bug : 969437 Fabian Vogt reported that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory. For the stable distribution (buster), this problem has been fixed in version 4:18.08.3-1+deb10u2. We recommend that you upgrade your ark packages. For the detailed security status of ark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ark Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
