Überschreiben von Dateien in Ark
ID: | USN-4461-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 18.04 LTS, Ubuntu 20.04 LTS |
Datum: | Di, 18. August 2020, 22:40 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16116 |
Applikationen: | KDE Applications |
Originalnachricht |
|
--===============5916959646192242610== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="3V7upXqbjpZ4EhLz" Content-Disposition: inline --3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4461-1 August 18, 2020 ark vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Ark could be made to write files as your login if it opened a specially crafted file. Software Description: - ark: archive utility Details: Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: ark 4:19.12.3-0ubuntu1.1 Ubuntu 18.04 LTS: ark 4:17.12.3-0ubuntu1.1 After a standard system update you need to restart Ark to make all the necessary changes. References: https://usn.ubuntu.com/4461-1 CVE-2020-16116 Package Information: https://launchpad.net/ubuntu/+source/ark/4:19.12.3-0ubuntu1.1 https://launchpad.net/ubuntu/+source/ark/4:17.12.3-0ubuntu1.1 --3V7upXqbjpZ4EhLz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl87ZY8ACgkQLwmejQBe gfQB5w//T59P4lBAV56tONZeEsURHBwTtdDJ5Q5c1o/xVlzjF+++JyvCCmF8AYsy y7f1Wp3eVGR5KPuZI02IzpS6WkH8uR1NkIMJmsHcey6alIp31coTuvoVpR9/Kzcs CH9QcSNe3UaeCKM1Nhg7PGuUFjhQ0fiv6WEGY5YyLw+JjZA7lI3z6YhXsS5EGS+W J3Ra29H6Y9wZF28nXaLw0GS9hb0/ivOEpE6TJRtsdlSSi1Sq/xmRPlcCWBW8QCmW W9olh+4wgmDnjgRDpiORYxNavUeadFckDSmiqSG9OeNlcF+2YQiGQy3mBoSFT7yz qtOcALvzxWHtnB2A21v65eSvAXdJyHBmpP/DJpTsf+ZxnDMWHdWPOb1FknhTTdQH /MItYNhe/xR66EoGM4Y4ss0IZvxmlMWgqTb671G/JzU+KN4focnV8PhOfXEFiVys 2eITqW7sGotmx3wH5qEigIwyxEpsH0KUlCRTX8gTwoOATi646viPY7ILmiaoxclI gQzXeyLvCUcW+EpfNVwu7g+d2eLWTJSneEEpXdu3mlnZPqlp56zFVMZYUkQZU/Bk wLEbOwTu3KPceNtCjqhTuZRAtz50Hk7xxWmZwSU72dOXpwyg4ij4j9xnFYiaNYuY 9QECJ901e29rV4+ym9vyomDrTRi2LPPDN+Z3bTp8hD5kTIYueaM= =mvIa -----END PGP SIGNATURE----- --3V7upXqbjpZ4EhLz-- --===============5916959646192242610== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |