------------------------------------------------------------------------- Debian LTS Advisory DLA-4046-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany February 08, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : ark Version : 4:20.12.2-1+deb11u1 CVE ID : CVE-2024-57966 A flaw was discovered in ark, an archive utility for the KDE platform. Ark extracted archives with absolute paths to the corresponding location on the user's file system. Absolute paths are now treated as relative paths to prevent overwriting of sensitive information. For Debian 11 bullseye, this problem has been fixed in version 4:20.12.2-1+deb11u1. We recommend that you upgrade your ark packages. For the detailed security status of ark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ark Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part