Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4738-1:72465
HistoryJul 31, 2020 - 8:17 p.m.

[SECURITY] [DSA 4738-1] ark security update

2020-07-3120:17:16
lists.debian.org
11
ark
security update
cve-2020-16116
debian
package
extraction paths

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

3.4

Confidence

High

EPSS

0.001

Percentile

50.4%

JSON

Debian Security Advisory DSA-4738-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
July 31, 2020 https://www.debian.org/security/faq

Package : ark
CVE ID : CVE-2020-16116

Dominik Penner discovered that the Ark archive manager did not sanitise
extraction paths, which could result in maliciously crafted archives
writing outside the extraction directory.

For the stable distribution (buster), this problem has been fixed in
version 4:18.08.3-1+deb10u1.

We recommend that you upgrade your ark packages.

For the detailed security status of ark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ark

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10ppc64elark< 4:18.08.3-1+deb10u1ark_4:18.08.3-1+deb10u1_ppc64el.deb
Debian9i386ark< 4:16.08.3-2+deb9u1ark_4:16.08.3-2+deb9u1_i386.deb
Debian10amd64ark< 4:18.08.3-1+deb10u1ark_4:18.08.3-1+deb10u1_amd64.deb
Debian10s390xark< 4:18.08.3-1+deb10u1ark_4:18.08.3-1+deb10u1_s390x.deb
Debian10mipselark< 4:18.08.3-1+deb10u1ark_4:18.08.3-1+deb10u1_mipsel.deb
Debian10mipsark-dbgsym< 4:18.08.3-1+deb10u1ark-dbgsym_4:18.08.3-1+deb10u1_mips.deb
Debian9allark< 4:16.08.3-2+deb9u1ark_4:16.08.3-2+deb9u1_all.deb
Debian10arm64ark< 4:18.08.3-1+deb10u1ark_4:18.08.3-1+deb10u1_arm64.deb
Debian10mips64elark-dbgsym< 4:18.08.3-1+deb10u1ark-dbgsym_4:18.08.3-1+deb10u1_mips64el.deb
Debian10s390xark-dbgsym< 4:18.08.3-1+deb10u1ark-dbgsym_4:18.08.3-1+deb10u1_s390x.deb
Rows per page:
1-10 of 271

Related

redhatcve 1
prion 1
veracode 1
fedora 2
nessus 8
osv 4
ubuntucve 1
openvas 7
suse 2
gentoo 1
cvelist 1
alpinelinux 1
freebsd 1
cve 1
mageia 1
ubuntu 1
nvd 1
debiancve 1
debian 1
redhatcve
redhatcve
CVE-2020-16116
2020-07-31 13:44:23
prion
prion
Directory traversal
2020-08-03 20:15:00
veracode
veracode
Directory Traversal
2020-08-18 08:29:40
fedora
fedora
[SECURITY] Fedora 31 Update: ark-20.04.3-3.fc31
2020-08-09 03:12:53
[SECURITY] Fedora 32 Update: ark-20.04.3-3.fc32
2020-08-13 01:38:47
nessus
nessus
Fedora 32 : ark (2020-e2fe8f0165)
2020-08-13 00:00:00
openSUSE Security Update : ark (openSUSE-2020-1183)
2020-08-13 00:00:00
GLSA-202008-03 : Ark: Arbitrary code execution
2020-08-10 00:00:00
osv
osv
CVE-2020-16116
2020-08-03 20:15:13
ark - security update
2020-07-31 00:00:00
ark-21.08.1-1.2 on GA media
2024-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2020-16116
2020-08-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4461-1)
2020-08-19 00:00:00
openSUSE: Security Advisory for ark (openSUSE-SU-2020:1183-1)
2020-08-13 00:00:00
Fedora: Security Advisory for ark (FEDORA-2020-cac5ae9b6e)
2020-08-10 00:00:00
suse
suse
Security update for ark (moderate)
2020-08-12 00:00:00
Security update for ark (moderate)
2020-09-18 00:00:00
gentoo
gentoo
Ark: Arbitrary code execution
2020-08-08 00:00:00
cvelist
cvelist
CVE-2020-16116
2020-08-03 19:34:07
alpinelinux
alpinelinux
CVE-2020-16116
2020-08-03 20:15:13
freebsd
freebsd
ark -- directory traversal
2020-07-30 00:00:00
cve
cve
CVE-2020-16116
2020-08-03 20:15:13
mageia
mageia
Updated ark packages fix security vulnerability
2020-08-18 20:41:27
ubuntu
ubuntu
Ark vulnerability
2020-08-18 00:00:00
nvd
nvd
CVE-2020-16116
2020-08-03 20:15:13
debiancve
debiancve
CVE-2020-16116
2020-08-03 20:15:13
debian
debian
[SECURITY] [DLA 3015-1] ark security update
2022-05-20 12:06:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

3.4

Confidence

High

EPSS

0.001

Percentile

50.4%

JSON
Related for DEBIAN:DSA-4738-1:72465
redhatcve1prion1veracode1fedora2nessus8osv4ubuntucve1openvas7suse2gentoo1cvelist1alpinelinux1freebsd1cve1mageia1ubuntu1nvd1debiancve1debian1