-------------------------------------------------------------------------
Debian LTS Advisory DLA-3535-1                [email protected]
https://www.debian.org/lts/security/                      Markus Koschany
August 17, 2023                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : unrar-nonfree
Version        : 1:5.6.6-1+deb10u3
CVE ID         : CVE-2022-48579

It was discovered that UnRAR, an unarchiver for rar files, allows
extraction of files outside of the destination folder via symlink chains.

For Debian 10 buster, this problem has been fixed in version
1:5.6.6-1+deb10u3.

We recommend that you upgrade your unrar-nonfree packages.

For the detailed security status of unrar-nonfree please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unrar-nonfree

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
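
Added example, not part of the advisory and not UnRAR or Debian code: a post-extraction check that lists symlinks in a destination folder which resolve outside it, following the whole chain rather than only the first hop. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def escaping_symlinks(dest):
    """Return sorted relative paths of symlinks under dest that resolve outside it."""
    root = os.path.realpath(dest)
    flagged = []
    # followlinks=False: symlinked directories are listed but never descended into
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves every hop of a chain, not just the link's own target
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                flagged.append(os.path.relpath(path, root))
    return sorted(flagged)


def build_sample(base):
    """Constructed sample tree: one benign link and a two-hop chain leaving dest/."""
    dest = os.path.join(base, "dest")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(dest, "docs"))
    os.makedirs(outside)
    open(os.path.join(dest, "docs", "readme.txt"), "w").close()
    os.symlink("docs/readme.txt", os.path.join(dest, "ok"))  # stays inside dest
    os.symlink(outside, os.path.join(dest, "hop2"))          # points outside dest
    os.symlink("hop2", os.path.join(dest, "hop1"))           # leaves dest via hop2
    return dest


def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as base:
        return escaping_symlinks(build_sample(base))


if __name__ == "__main__":
    for link in demo():
        print("symlink resolves outside destination:", link)
```

The check reports links that remain in the extracted tree; it does not detect files that were already written outside the destination folder.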