Debian alert DLA-4046-1 (ark)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 4046-1] ark security update | |
| Date: | Sat, 08 Feb 2025 18:59:50 +0100 | |
| Message-ID: | <be2c9ca4b4370daf89f43c4e9a4cdb5497110a96.camel@debian.org> |
------------------------------------------------------------------------- Debian LTS Advisory DLA-4046-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany February 08, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : ark Version : 4:20.12.2-1+deb11u1 CVE ID : CVE-2024-57966 A flaw was discovered in ark, an archive utility for the KDE platform. Ark extracted archives with absolute paths to the corresponding location on the user's file system. Absolute paths are now treated as relative paths to prevent overwriting of sensitive information. For Debian 11 bullseye, this problem has been fixed in version 4:20.12.2-1+deb11u1. We recommend that you upgrade your ark packages. For the detailed security status of ark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ark Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmenm5ZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQHJg/6A6npEIU4m7iWlk+R5mvwMlvKxNCCHS3EE/ZJ1TRQexVY4+meA5qp6dFV XQeR8lSI5ZJ3mxQJhb2UYncU7qey7O7aN5LZemCHkxYqpnk/pi14YBkDZqjY27mB KAd0Edcr2UaUEvhr+mcxyLtZQSjZ8ILAXao71AIhZUJQLC77Ar4l1m5QxeCg5k5u iUykyR250eYZL+bwkjieoRY8tYtKX7M5rPwcp6LEVGgQiDZ7CLi2kKziWFV27cxE CBBlv3HbApxwK+jRqI2/9NmwFF1BeYX333nfss3mUPNclglAX0Fbw1r97lDaaR5h BThCECB2vwGWuydojNQFY5Sb/q+F1CccUhaI7DowVvFiB0i6N7GmuVgfdFRQO6W+ PUgvoxN6Cs7iYCwc7B45VQcJgkKOxsu2oL0jjGzg7h8ccVvPUrPZqUNC0jhsogMN zKFOeajTu1aTljO8Yux02PA4u9zxLqTlQS0Paz0fKWR5Jji3lTMj/YZJvuK//KE8 dZrhBw2FW4rzsKFwY/d34wc0hWNnNhyg3mwiIYDUjU2/QZS5sOJ8gblZZDV3ozpA BieKPhgE9mw46QrntLrdSiB0fNpqDuQUWzNW/0WL0pIt+0P/6pa2/92UCRAHpBP1 1gCXusnzNh7XZmKKT4YB8Zc+zp3xPi7CmhzQJRHJlh/j1PgTZ7c= =aaRH -----END PGP SIGNATURE-----