A vulnerability was found in ark. The "Open" functionality of ark can inadvertently run shell scripts or other executable entries in the archive.

Upstream bug:
https://bugs.kde.org/show_bug.cgi?id=374572

References:
http://seclists.org/oss-sec/2017/q1/45

Upstream patch:
https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
Created ark tracking bugs for this issue:

Affects: fedora-all [bug 1411822]
It's already fixed in the Fedora git branch.
Unable to reproduce on ark-4 in Red Hat Enterprise Linux 7: the script is opened in an internal viewer rather than executed. According to a comment on the Debian tracker, the affected functionality was introduced post ark-15.11.80.