oss-sec mailing list archives
Re: ark vulnerability: need CVE
From: <cve-assign () mitre org>
Date: Mon, 9 Jan 2017 22:58:27 -0500
The problem is that the "Open" functionality of ark would run shell scripts, this is quite unexpected.

The title for the advisory we're preparing is
Ark: unintended execution of scripts and executable files

https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065

Stop running executables when opening urls

This is a security risk because it's not clear when an entry in an archive is an executable.

BUG: 374572
FIXED-IN: 16.12.1

part/part.cpp

Use CVE-2017-5330.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]

Current thread:
- ark vulnerability: need CVE Albert Astals Cid (Jan 09)
- Re: ark vulnerability: need CVE cve-assign (Jan 09)