Bug 1862464 (CVE-2020-16116)
| Summary: | CVE-2020-16116 ark: maliciously crafted archive can install files anywhere in the user's home directory | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | jreznik, kde-sig, rdieter, than |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ark 20.04.3-3 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-08-24 21:15:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1862465, 1862466, 1870161 | ||
| Bug Blocks: | 1862467 | ||
|
Description
Marian Rehak
2020-07-31 13:41:44 UTC
Created ark tracking bugs for this issue: Affects: epel-8 [bug 1862466] Affects: fedora-all [bug 1862465] it's fixed in ark-20.04.3-3 FEDORA-2020-cac5ae9b6e has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report. Statement: ark as shipped with Red Hat Enterprise Linux 7 prompts the user before allowing extraction into home directory, and also displays an error. Because the user must agree to perform the extraction in the home directory, Red Hat Product Security does not view this as a security vulnerability in ark as shipped with Red Hat Enterprise Linux 7. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16116 |