MGASA-2020-0353 - Updated ark packages fix security vulnerability Publication date: 29 Aug 2020 URL: https://advisories.mageia.org/MGASA-2020-0353.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-24654 A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction (CVE-2020-24654). References: - https://bugs.mageia.org/show_bug.cgi?id=27214 - https://kde.org/info/security/advisory-20200827-1.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654 SRPMS: - 7/core/ark-19.04.0-1.2.mga7
Mageia 2020-0353: ark security update
A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction (CVE-2020-24654)
Summary
A maliciously crafted TAR archive containing symlink entries would install
files anywhere in the user's home directory upon extraction (CVE-2020-24654).
References
- https://bugs.mageia.org/show_bug.cgi?id=27214
- https://kde.org/info/security/advisory-20200827-1.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654
Resolution
MGASA-2020-0353 - Updated ark packages fix security vulnerability
SRPMS
- 7/core/ark-19.04.0-1.2.mga7
Severity
Publication date: 29 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0353.html
Type: security
CVE: CVE-2020-24654
News
HOWTOs
About Us
Powered By
