Description
Security update for ark
This update for ark fixes the following issues:
- CVE-2020-24654: maliciously crafted TAR archive can install files outside the extraction directory (boo#1175857)
Package list
SUSE Package Hub 15 SP1
ark-20.04.2-bp152.2.6.1
ark-lang-20.04.2-bp152.2.6.1
libkerfuffle18-18.12.3-bp151.3.6.1
libkerfuffle20-20.04.2-bp152.2.6.1
SUSE Package Hub 15 SP2
ark-20.04.2-bp152.2.6.1
ark-lang-20.04.2-bp152.2.6.1
libkerfuffle18-18.12.3-bp151.3.6.1
libkerfuffle20-20.04.2-bp152.2.6.1
openSUSE Leap 15.1
ark-20.04.2-bp152.2.6.1
ark-lang-20.04.2-bp152.2.6.1
libkerfuffle18-18.12.3-bp151.3.6.1
libkerfuffle20-20.04.2-bp152.2.6.1
openSUSE Leap 15.2
ark-20.04.2-bp152.2.6.1
ark-lang-20.04.2-bp152.2.6.1
libkerfuffle18-18.12.3-bp151.3.6.1
libkerfuffle20-20.04.2-bp152.2.6.1
References
- E-Mail link for openSUSE-SU-2020:1310-2
- SUSE Security Ratings
- SUSE Bug 1175857
- SUSE CVE CVE-2020-24654 page
Description
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
Affected products
SUSE Package Hub 15 SP1:ark-20.04.2-bp152.2.6.1
SUSE Package Hub 15 SP1:ark-lang-20.04.2-bp152.2.6.1
SUSE Package Hub 15 SP1:libkerfuffle18-18.12.3-bp151.3.6.1
SUSE Package Hub 15 SP1:libkerfuffle20-20.04.2-bp152.2.6.1
References
- CVE-2020-24654
- SUSE Bug 1175857