KDE archive tool flaw let hackers take over Linux accounts July 30, 2020 https://www.bleepingcomputer.com/ne...ol-flaw-let-hackers-take-over-linux-accounts/
Fixed in Groovy, earlier. Now also fixed in Bionic and Focal. KDE Project Security Advisory: Ark: maliciously crafted archive can install files outside the extraction directory. Publishing history of ark package in Ubuntu
A similar vulnerability patched: KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory. Publishing history of ark package in Ubuntu