==========================================================================
Ubuntu Security Notice USN-7350-1
March 12, 2025

unrar-nonfree vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in UnRAR.

Software Description:
- unrar-nonfree: Unarchiver for .rar files

Details:

It was discovered that UnRAR incorrectly handled certain paths. If a user or
automated system were tricked into extracting a specially crafted RAR
archive, a remote attacker could possibly use this issue to write arbitrary
files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579)

It was discovered that UnRAR incorrectly handled certain recovery volumes.
If a user or automated system were tricked into extracting a specially
crafted RAR archive, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2023-40477)

Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape
sequences when writing screen output. If a user or automated system were
tricked into processing a specially crafted RAR archive, a remote attacker
could possibly use this issue to spoof screen output or cause a denial of
service. (CVE-2024-33899)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libunrar5                       1:6.1.5-1ubuntu0.1
  unrar                           1:6.1.5-1ubuntu0.1

Ubuntu 20.04 LTS
  libunrar5                       1:5.6.6-2ubuntu0.1
  unrar                           1:5.6.6-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7350-1
  CVE-2022-30333, CVE-2022-48579, CVE-2023-40477, CVE-2024-33899

Package Information:
  https://launchpad.net/ubuntu/+source/unrar-nonfree/1:6.1.5-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/unrar-nonfree/1:5.6.6-2ubuntu0.1
Security updates for UnRAR on Ubuntu 22.04 and 20.04 fix multiple vulnerabilities reported in March 2025.

Severity: Important. LinuxSecurity.com Team
# Security update for unrar

Announcement ID: SUSE-SU-2024:1975-1
Rating: important
References:
  * bsc#1225661
Cross-References:
  * CVE-2024-33899
CVSS scores:
  * CVE-2024-33899 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products:
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for unrar fixes the following issues:

* CVE-2024-33899: Fixed a denial of service via ANSI escape sequences. (bsc#1225661)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-1975=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1975=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1975=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1975=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * unrar-debugsource-5.6.1-4.11.1
  * libunrar5_6_1-5.6.1-4.11.1
  * libunrar-devel-5.6.1-4.11.1
  * unrar-debuginfo-5.6.1-4.11.1
  * libunrar5_6_1-debuginfo-5.6.1-4.11.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * unrar-5.6.1-4.11.1
  * unrar-debugsource-5.6.1-4.11.1
  * unrar-debuginfo-5.6.1-4.11.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * unrar-5.6.1-4.11.1
  * unrar-debugsource-5.6.1-4.11.1
  * unrar-debuginfo-5.6.1-4.11.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * unrar-5.6.1-4.11.1
  * unrar-debugsource-5.6.1-4.11.1
  * unrar-debuginfo-5.6.1-4.11.1

## References:

* https://www.suse.com/security/cve/CVE-2024-33899.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225661

Critical security enhancement for unrar with key patch details targeting SUSE Linux systems to resolve potential denial of service vulnerabilities.

Severity: Important.
MGASA-2023-0258 - Updated unrar packages fix security vulnerability

Publication date: 11 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0258.html
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-40477

Recovery Volume Improper Validation of Array Index Remote Code Execution
Vulnerability. (CVE-2023-40477)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32205
- https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html
- https://www.cve.org/CVERecord?id=CVE-2023-40477

SRPMS:
- 9/nonfree/unrar-6.23-1.mga9.nonfree
- 8/nonfree/unrar-6.23-1.mga8.nonfree

Revised unrar packages resolve a significant remote code execution vulnerability in Mageia 8 and 9, as specified in MGASA-2023-0258.

Severity: Critical.
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3542-1

A specific flaw within the processing of recovery volumes exists in UnRAR,
an unarchiver for rar files. It allows remote attackers to execute
arbitrary code on affected installations. User interaction is required to
exploit this vulnerability. The target must visit a malicious page or open
a malicious rar.
MGASA-2022-0206 - Updated unrar packages fix security vulnerability

Publication date: 25 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0206.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to
write to files during an extract (aka unpack) operation, as demonstrated
by creating a ~/.ssh/authorized_keys file. (CVE-2022-30333)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30453
- https://www.suse.com/security/cve/CVE-2022-30333.html
- https://www.cve.org/CVERecord?id=CVE-2022-30333

SRPMS:
- 8/nonfree/unrar-6.00-3.1.mga8.nonfree

New release of unrar 6.12 addresses vulnerabilities related to directory traversal and improper file access permissions on Mageia environments.
SUSE Security Update: Security update for unrar
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1760-1
Rating:             moderate
References:         #1199349
Cross-References:   CVE-2022-30333
CVSS scores:
                    CVE-2022-30333 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2022-30333 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for unrar fixes the following issues:

- CVE-2022-30333: Fixed directory traversal issue that allowed writing to
  non-designated paths (bsc#1199349).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1760=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1760=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  libunrar-devel-5.6.1-4.8.1
  libunrar5_6_1-5.6.1-4.8.1
  libunrar5_6_1-debuginfo-5.6.1-4.8.1
  unrar-debuginfo-5.6.1-4.8.1
  unrar-debugsource-5.6.1-4.8.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  unrar-5.6.1-4.8.1
  unrar-debuginfo-5.6.1-4.8.1
  unrar-debugsource-5.6.1-4.8.1

References:

https://www.suse.com/security/cve/CVE-2022-30333.html
https://bugzilla.suse.com/1199349

SUSE has released a security update for unrar, which resolves a moderate vulnerability related to directory traversal; more information available within.
SUSE Security Update: Security update for unrar
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2834-1
Rating:             moderate
References:         #1046882 #1054038 #1187974 SLE-20843
Cross-References:   CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941
                    CVE-2017-12942 CVE-2017-20006
CVSS scores:
                    CVE-2012-6706 (SUSE): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2017-12938 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2017-12938 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2017-12940 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2017-12940 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2017-12941 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2017-12941 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2017-12942 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2017-12942 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
                    CVE-2017-20006 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2017-20006 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes 6 vulnerabilities, contains one feature is now available.

Description:

This update for unrar to version 5.6.1 fixes several issues.

These security issues were fixed:

- CVE-2017-12938: Prevent remote attackers from bypassing a
  directory-traversal protection mechanism via vectors involving a symlink
  to the . directory, a symlink to the .. directory, and a regular file
  (bsc#1054038).
- CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode
  call within the Archive::ReadHeader15 function (bsc#1054038).
- CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20
  function (bsc#1054038).
- CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function
  (bsc#1054038).
- CVE-2017-20006: Fixed heap-based buffer overflow in Unpack::CopyString
  (bsc#1187974).

These non-security issues were fixed:

- Added extraction support for .LZ archives created by Lzip compressor
- Enable unpacking of files in ZIP archives compressed with XZ algorithm
  and encrypted with AES
- Added support for PAX extended headers inside of TAR archive
- If RAR recovery volumes (.rev files) are present in the same folder as
  usual RAR volumes, archive test command verifies .rev contents after
  completing testing .rar files
- By default unrar skips symbolic links with absolute paths in link target
  when extracting unless -ola command line switch is specified
- Added support for AES-NI CPU instructions
- Support for a new RAR 5.0 archiving format
- Wildcard exclusion mask for folders
- Prevent conditional jumps depending on uninitialised values (bsc#1046882)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2834=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2834=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2834=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2834=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2834=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2834=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2834=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2834=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2834=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2834=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2834=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE OpenStack Cloud 9 (x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE OpenStack Cloud 8 (x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  libunrar-devel-5.6.1-4.5.1
  libunrar5_6_1-5.6.1-4.5.1
  libunrar5_6_1-debuginfo-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  unrar-5.6.1-4.5.1
  unrar-debuginfo-5.6.1-4.5.1
  unrar-debugsource-5.6.1-4.5.1

References:

https://www.suse.com/security/cve/CVE-2012-6706.html
https://www.suse.com/security/cve/CVE-2017-12938.html
https://www.suse.com/security/cve/CVE-2017-12940.html
https://www.suse.com/security/cve/CVE-2017-12941.html
https://www.suse.com/security/cve/CVE-2017-12942.html
https://www.suse.com/security/cve/CVE-2017-20006.html
https://bugzilla.suse.com/1046882
https://bugzilla.suse.com/1054038
https://bugzilla.suse.com/1187974

SUSE Security Notification for unrar: addresses 6 vulnerabilities. Notice ID: SUSE-SU-2021:2834-1 with a moderate severity level.

Severity: Important.
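The advisories above describe two classes of extraction bug a defender can check for independently of the archiver: member paths or symlink targets that leave the destination directory (CVE-2022-30333, and the symlink-to-`.`/`..` chaining of CVE-2017-12938), and ANSI escape sequences in member names that corrupt screen output (CVE-2024-33899). The following Python is an added example, not code from any of these advisories or from UnRAR: it vets a list of archive entries lexically, tracking symlinks already extracted so that a later entry written through them is judged by where it really lands. `vet_entries` and its helpers are hypothetical names, and the entry tuples in the test are constructed.

```python
import posixpath
import re

# ECMA-48 escapes: CSI sequences (ESC [ params final) and other ESC-prefixed ones.
ANSI_ESCAPE = re.compile(r"\x1b(?:\[[0-?]*[ -/]*[@-~]|[@-Z\\-_])")

def _is_absolute(path):
    # POSIX roots, backslash roots and Windows drive letters are all absolute.
    return path.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", path) is not None

def _escapes(path):
    # Lexical check: a normalised relative path that climbs above its root.
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def _follow(path, symlinks):
    # Rewrite the longest prefix of path that is an already-extracted symlink.
    parts = path.split("/")
    for i in range(len(parts), 0, -1):
        prefix = "/".join(parts[:i])
        if prefix in symlinks:
            return posixpath.normpath(posixpath.join(symlinks[prefix], *parts[i:]))
    return path

def _resolve(path, symlinks):
    # Follow symlink chains; the bound stops a cycle from looping forever.
    for _ in range(len(symlinks) + 1):
        nxt = _follow(path, symlinks)
        if nxt == path:
            break
        path = nxt
    return path

def vet_entries(entries):
    """Return [(name, reason)] for entries an extractor should refuse.
    entries: iterable of (name, kind, link_target), kind in {"file", "dir", "symlink"}."""
    symlinks, findings = {}, []
    for name, kind, target in entries:
        if ANSI_ESCAPE.search(name):
            findings.append((name, "ANSI escape sequence in name"))
        if _is_absolute(name) or _escapes(name):
            findings.append((name, "name escapes extraction directory"))
            continue
        real = _resolve(posixpath.normpath(name), symlinks)  # where it really lands
        if kind == "symlink":
            if _is_absolute(target):
                findings.append((name, "symlink to absolute path"))
                continue
            dest = posixpath.normpath(posixpath.join(posixpath.dirname(real), target))
            if _escapes(_resolve(dest, symlinks)):
                findings.append((name, "symlink target escapes extraction directory"))
                continue
            symlinks[real] = dest  # remember it for entries written through it later
    return findings
```

The check is deliberately lexical, so it can run on a listing before anything touches the filesystem; it does not replace extracting into a dedicated, empty directory with the archiver's own symlink protections enabled.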
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: RAR, UnRAR: Multiple vulnerabilities
      Date: September 25, 2017
      Bugs: #622342, #628182, #628184
        ID: 201709-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in RAR and UnRAR, the worst of
which may allow attackers to execute arbitrary code.

Background
==========

RAR and UnRAR provide command line interfaces for compressing and
decompressing RAR files.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-arch/rar          < 5.5.0_p20170811      >= 5.5.0_p20170811
  2  app-arch/unrar        < 5.5.7                >= 5.5.7
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in RAR and UnRAR. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker, by enticing a user to open a specially crafted RAR,
could possibly execute arbitrary code with the privileges of the process
or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All RAR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/rar-5.5.0_p20170811"

All UnRAR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-arch/unrar-5.5.7"

References
==========

[ 1 ] CVE-2012-6706
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6706
[ 2 ] CVE-2017-12940
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12940
[ 3 ] CVE-2017-12941
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12941
[ 4 ] CVE-2017-12942
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12942

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to