Tobias C. Berner 054311d725 archivers/ark: fix vulnerability in tar extraction ... KDE Project Security Advisory ============================= Title: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory. Risk Rating: Important CVE: CVE-2020-24654 Versions: ark <= 20.08.0 Author: Elvis Angelaccio <elvis.angelaccio@kde.org> Date: 27 August 2020 Overview ======== A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept ================ For testing, an example of malicious archive can be found at https://github.com/jwilk/traversal-archives/releases/download/0/dirsymlink.tar Impact ====== Users can unwillingly install files like a modified .bashrc, or a malicious script placed in ~/.config/autostart. Workaround ========== Before extracting a downloaded archive using the Ark GUI, users should inspect it to make sure it doesn't contain symlink entries pointing outside the extraction folder. The 'Extract' context menu from the Dolphin file manager shouldn't be used. Solution ======== Ark 20.08.1 skips maliciously crafted symlinks when extracting TAR archives. Alternatively, 8bf8c5ef07 can be applied to previous releases. Credits ======= Thanks to Fabian Vogt for reporting this issue and for fixing it. MFH: 2020Q3 Security: CVE-2020-24654		2020-08-28 05:47:31 +00:00
..
files	archivers/ark: fix vulnerability in tar extraction	2020-08-28 05:47:31 +00:00
distinfo	KDE's August 2020 Apps Update	2020-08-13 17:10:30 +00:00
Makefile	archivers/ark: fix vulnerability in tar extraction	2020-08-28 05:47:31 +00:00
pkg-descr
pkg-message
pkg-plist	Update KDE's Applications to 20.04.1	2020-05-15 16:52:00 +00:00