CVE-2020-24654

Priority
Description
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install
files outside the extraction directory, as demonstrated by a write
operation to a user's home directory.
Notes
Package
Source: ark (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (4:15.12.3-0ubuntu1.2)
Ubuntu 18.04 LTS (Bionic Beaver): released (4:17.12.3-0ubuntu1.2)
Ubuntu 20.04 LTS (Focal Fossa): released (4:19.12.3-0ubuntu1.2)
Ubuntu 20.10 (Groovy Gorilla): released (4:20.08.1-0ubuntu1)
More Information

Updated: 2020-09-18 04:45:57 UTC (commit 138a3b00836060d8cce6678d1a23781391e3219f)