First published: Tue Aug 18 2020
Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/ark | <4:19.12.3-0ubuntu1.1 | 4:19.12.3-0ubuntu1.1 |
Ubuntu Ubuntu | =20.04 | |
All of | | |
ubuntu/ark | <4:17.12.3-0ubuntu1.1 | 4:17.12.3-0ubuntu1.1 |
Ubuntu Ubuntu | =18.04 | |
The vulnerability ID is USN-4461-1.
Ark did not properly sanitize zip archive files before performing extraction, allowing an attacker to construct a malicious zip archive that could create files outside the extraction directory.
Ark versions before 4:19.12.3-0ubuntu1.1 on Ubuntu 20.04 and before 4:17.12.3-0ubuntu1.1 on Ubuntu 18.04 are affected.
The source information does not give a severity for this vulnerability.
Apply the appropriate security patch provided by Ubuntu to upgrade Ark to the fixed versions: 4:19.12.3-0ubuntu1.1 or 4:17.12.3-0ubuntu1.1.
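The flaw described above is an archive entry whose name resolves outside the extraction directory, and that condition can be checked before anything is written to disk. The following Python code is an added example, not Ark's code or the Ubuntu patch; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

ROOT = "/extract-root"  # lexical stand-in for the extraction directory


def escapes_root(name: str) -> bool:
    """Return True if a zip entry name would resolve outside the extraction dir."""
    # Some extractors honour backslashes as separators, so normalise them first.
    norm = name.replace("\\", "/")
    # Absolute paths and drive-letter style names are rejected outright
    # (conservative: this also flags names such as "a:b").
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True
    # Resolve "." and ".." lexically and confirm the result stays under ROOT.
    resolved = posixpath.normpath(posixpath.join(ROOT, norm))
    return not (resolved == ROOT or resolved.startswith(ROOT + "/"))


def audit_zip(data: bytes) -> list:
    """List the entry names in a zip archive that would escape the extraction dir."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if escapes_root(info.filename)]


def build_sample() -> bytes:
    """Constructed test archive: two benign entries and two that traverse upward."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("docs/../notes.txt", "benign: stays inside the root")
        zf.writestr("../outside.txt", "constructed traversal entry")
        zf.writestr("docs/../../outside2.txt", "constructed traversal entry")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in audit_zip(build_sample()):
        print("refuse to extract:", entry)
```

The check is purely lexical, so it does not cover symlink entries inside an archive; an extractor also needs to refuse to write through symlinks it has just created.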