
Ubuntu alert USN-7349-1 (rar)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:  [USN-7349-1] RAR vulnerabilities
Date:  Wed, 12 Mar 2025 16:02:47 -0400
Message-ID:  <d0344ee4-3f8a-40bd-acc7-aff13fd7e665@canonical.com>

==========================================================================
Ubuntu Security Notice USN-7349-1
March 12, 2025

rar vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in RAR.

Software Description:
- rar: Archiver for .rar files

Details:

It was discovered that RAR incorrectly handled certain paths. If a user or
automated system were tricked into extracting a specially crafted RAR
archive, a remote attacker could possibly use this issue to write arbitrary
files outside of the targeted directory. (CVE-2022-30333)

It was discovered that RAR incorrectly handled certain recovery volumes. If
a user or automated system were tricked into extracting a specially crafted
RAR archive, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-40477)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  rar                             2:6.23-1~22.04.1

Ubuntu 20.04 LTS
  rar                             2:6.23-1~20.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-7349-1
  CVE-2022-30333, CVE-2023-40477

Package Information:
  https://launchpad.net/ubuntu/+source/rar/2:6.23-1~22.04.1
  https://launchpad.net/ubuntu/+source/rar/2:6.23-1~20.04.1


Attachment: OpenPGP_signature.asc (type=application/pgp-signature)




