Vulnerability: Arbitrary code execution GLSA ID: 202008-03 Affected Package: kde-apps/ark Affected Versions: =20.04.3-r1 Severity: Normal Exploitable: Remote Description: - "A maliciously crafted archive with "../" in the file path(s) could install files anywhere in the user's home directory upon extraction." - A remote attacker could entice a user to open a specially crafted archive, allowing for arbitrary code execution under the context of the process or causing a Denial of Service condition. Background: - "Ark is a graphical file compression/decompression utility compatible with various formats." Workaround: Avoid opening untrusted archives. Resolution: Upgrade to latest version: References: CVE-2020-16116