Several security issues were fixed in UnRAR.
Software Description:
- unrar-nonfree: Unarchiver for .rar files
Details:
It was discovered that UnRAR incorrectly handled certain paths. If a user
or automated system were tricked into extracting a specially crafted RAR
archive, a remote attacker could possibly use this issue to write arbitrary
files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579)
It was discovered that UnRAR incorrectly handled certain recovery volumes.
If a user or automated system were tricked into extracting a specially
crafted RAR archive, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2023-40477)
Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape
sequences when writing screen output. If a user or automated system were
tricked into processing a specially crafted RAR archive, a remote attacker
could possibly use this issue to spoof screen output or cause a denial of
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libunrar5 1:6.1.5-1ubuntu0.1 unrar 1:6.1.5-1ubuntu0.1 Ubuntu 20.04 LTS libunrar5 1:5.6.6-2ubuntu0.1 unrar 1:5.6.6-2ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7350-1
CVE-2022-30333, CVE-2022-48579, CVE-2023-40477, CVE-2024-33899
Get the latest Linux and open source security news straight to your inbox.