Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 7: 2020-0353 Moderate: Ark Malicious TAR Extraction Risk

mageia
Calendar Grey August 29, 2020
Dist Mageia Esm H88
A malicious TAR package can present security threats by placing files in user folders. Revised information for Mageia 7 has been incorporated.
A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction (CVE-2020-24654)

Summary

A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction (CVE-2020-24654).

References

- https://bugs.mageia.org/show_bug.cgi?id=27214

- https://kde.org/info/security/advisory-20200827-1.txt

- https://www.cve.org/CVERecord?id=CVE-2020-24654

Topics%20covered

Topics Covered

security advisory symlink malicious archive extraction issue magia

Resolution

SRPMS

- 7/core/ark-19.04.0-1.2.mga7

Publication date: 29 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0353.html
Type: security
CVE: CVE-2020-24654

Topics%20covered

Topics Covered

security advisory symlink malicious archive extraction issue magia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here