* Forwarded from LISTS.UBUNTU-SECURITY by Sean Rima (21:1/229.1).
* Originally by: Linux Ubuntu Security List (2:263/1), 12 Mar 25 20:20.
* Originally to: all.
==========================================================================
Ubuntu Security Notice USN-7349-1
March 12, 2025

rar vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in RAR.
Software Description:
- rar: Archiver for .rar files
Details:
It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333)
It was discovered that RAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS
  rar 2:6.23-1~22.04.1
Ubuntu 20.04 LTS
  rar 2:6.23-1~20.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7349-1
CVE-2022-30333, CVE-2023-40477
Package Information:
https://launchpad.net/ubuntu/+source/rar/2:6.23-1~22.04.1
https://launchpad.net/ubuntu/+source/rar/2:6.23-1~20.04.1
--- BBBS/LiR v4.10 Toy-7
* Origin: TCOB1: https/binkd/telnet binkd.rima.ie (2:263/1)
Hello everybody!
Sean
... TCOB1:
https://binkd.rima.ie telnet: binkd.rima.ie
--- GoldED+/LNX 1.1.5-b20240309
* Origin: <-Sean's Pointless Point-> (21:1/229.1)