95a5cd59ae
archivers/ark: security fix
KDE Project Security Advisory
=============================
Title: Ark: maliciously crafted archive can install files outside the extraction directory.
Risk Rating: Important
CVE: CVE-2020-16116
Versions: ark <= 20.04.3
Author: Elvis Angelaccio <elvis.angelaccio@kde.org>
Date: 30 July 2020
Overview
========
A maliciously crafted archive with "../" in the file paths
would install files anywhere in the user's home directory upon extraction.
Proof of concept
================
For testing, an example of malicious archive can be found at
https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip
Impact
======
Users can unwillingly install files such as a modified .bashrc, or a malicious
script placed in ~/.config/autostart that is executed on the next login.
Workaround
==========
Users should not use the 'Extract' context menu from the Dolphin file manager.
Before extracting a downloaded archive using the Ark GUI, users should inspect it
to make sure it doesn't contain entries with "../" in the file path.
Solution
========
Ark 20.08.0 prevents loading of malicious archives and shows a warning message
to the users.
Alternatively,