ASA-201701-18 generated external raw

[ASA-201701-18] ark: arbitrary command execution
Arch Linux Security Advisory ASA-201701-18 ========================================== Severity: High Date : 2017-01-13 CVE-ID : CVE-2017-5330 Package : ark Type : arbitrary command execution Remote : No Link : Summary ======= The package ark before version 16.12.1-1 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 16.12.1-1. # pacman -Syu "ark>=16.12.1-1" The problem has been fixed upstream in version 16.12.1. Workaround ========== None. Description =========== Opening an url with ark will call KRUN::runURL() which detects the mime-type of the url and runs the appropriate service for that mimetype when found. This leads to unintended execution of scripts and executable files. Impact ====== An attacker can execute arbitrary command on the affected host by tricking a user into opening an executable file from an archive. References ==========