Stay Secure with the Latest Linux Advisories

security advisorycriticalinformation disclosure

Ubuntu 20.04 LTS: 4461-1 Critical: Ark File Extraction Risk

Ark could be made to write files as your login if it opened a specially crafted file.. =========================================================================Ubuntu Security Notice USN-4461-1 August 18, 2020 ark vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Ark could be made to write files as your login if it opened a specially crafted file. Software Description: - ark: archive utility Details: Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: ark 4:19.12.3-0ubuntu1.1 Ubuntu 18.04 LTS: ark 4:17.12.3-0ubuntu1.1 After a standard system update you need to restart Ark to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4461-1 CVE-2020-16116 Package Information: https://launchpad.net/ubuntu/+source/ark/4:19.12.3-0ubuntu1.1 https://launchpad.net/ubuntu/+source/ark/4:17.12.3-0ubuntu1.1 . A serious vulnerability in the Ark application on Ubuntu could allow unauthorized file changes during user login, creating major security risks. Apply updates promptly to protect your systems. Ark Security, Ubuntu Threats, File Extraction Issues, Archive Utility Vulnerability. . Severity: Critical. LinuxSecurity.com Team

Aug 18, 2020 •Critical Ubuntu