-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmfR6HsFAwAAAAAACgkQZWnYVadEvpMp
MA/8C44s7GkcmOb1ZuHsJhqmGWdVnq58jr5g3akF7Nip8qXnKfcCjvRkbDsJKV5UjfdeLoIEQyNU
H5W7kmnj8ZNI9YSKCearHZKwm6aZ5Z/lyI6CnVePL7a9QC+E4ulYwKWjN4lRm7xGhwKvOLSFhAGl
Qv9dC/4K5CUGywqWUTviENHsXPj89rQ0gnD3TbdGHUhO+L0kZmCGCu/b5bik73FKkR3H9TFiuOMt
tPPvpir+ImQclZOM6YQaq7t0eeLgDZhc2ojRiY1GkBZ3xdGCk8sAF2B5/EqPXt+t38YJUF8tczTI
BjcgBbZcboNGCPrHzPmbZj4WnnHn6iYKft0swmpk6lyuXRMw4SWpQViomOuvFiSwO5oKa/WbxT7a
7XtbxyVPbyjKAHwse24RJeq+BKuLqE+Z++5ac37MpfT2u8/D4DK8Sv6TskA1fMt0KiVo65Ziyr8N
GV5SwrQh3MsWdlx4gooYtJa8JgL4FDRuD0TQLrScO6v2B7Cfnd/4e1UuutPnrGdPUfIYWFlQcB3F
u50rpes6ykv0A4ai2ltp88+v5z0itU5krKHAqekPgrU80+7vdiDI/Dn3WbhTN2Pqj5eMSjoClwv0
QEwV51bMHpii96KXI6u4qRFKW4YCcXyfVdf/x276WMnzk5SQm8ECyyU86DDgzfv5BU3vNRbIvb0O
dXc=
=VPQT
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7350-1
March 12, 2025
unrar-nonfree vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in UnRAR.
Software Description:
- unrar-nonfree: Unarchiver for .rar files
Details:
It was discovered that UnRAR incorrectly handled certain paths. If a user
or automated system were tricked into extracting a specially crafted RAR
archive, a remote attacker could possibly use this issue to write arbitrary
files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579)
It was discovered that UnRAR incorrectly handled certain recovery volumes.
If a user or automated system were tricked into extracting a specially
crafted RAR archive, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2023-40477)
Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape
sequences when writing screen output. If a user or automated system were
tricked into processing a specially crafted RAR archive, a remote attacker
could possibly use this issue to spoof screen output or cause a denial of
service. (CVE-2024-33899)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libunrar5 1:6.1.5-1ubuntu0.1
unrar 1:6.1.5-1ubuntu0.1
Ubuntu 20.04 LTS
libunrar5 1:5.6.6-2ubuntu0.1
unrar 1:5.6.6-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7350-1
CVE-2022-30333, CVE-2022-48579, CVE-2023-40477, CVE-2024-33899
Package Information:
https://launchpad.net/ubuntu/+source/unrar-nonfree/1:6.1.5-1ubuntu0.1
https://launchpad.net/ubuntu/+source/unrar-nonfree/1:5.6.6-2ubuntu0.1
No comments:
Post a Comment