Subj : [USN-7349-1] RAR vulnerabilities
To   : All
From : Sean Rima
Date : Wed Mar 12 2025 20:22:15

* Replying to a msg in LISTS.UBUNTU-SECURITY (LISTS.UBUNTU-SECURITY)


Hello everybody!

12 Mar 25 20:20, Linux Ubuntu Security List wrote to all:


 LL> ======================================================================
 LL> ==== Ubuntu Security Notice USN-7349-1 March 12, 2025

 LL> rar vulnerabilities
 LL> ======================================================================
 LL> ====

 LL> A security issue affects these releases of Ubuntu and its derivatives:

 LL> - Ubuntu 22.04 LTS
 LL> - Ubuntu 20.04 LTS

 LL> Summary:

 LL> Several security issues were fixed in RAR.

 LL> Software Description:
 LL> - rar: Archiver for .rar files

 LL> Details:

 LL> It was discovered that RAR incorrectly handled certain paths. If a
 LL> user or automated system were tricked into extracting a specially
 LL> crafted RAR archive, a remote attacker could possibly use this issue
 LL> to write arbitrary files outside of the targeted directory.
 LL> (CVE-2022-30333)

 LL> It was discovered that RAR incorrectly handled certain recovery
 LL> volumes. If a user or automated system were tricked into extracting a
 LL> specially crafted RAR archive, a remote attacker could possibly use
 LL> this issue to execute arbitrary code. (CVE-2023-40477)

 LL> Update instructions:

 LL> The problem can be corrected by updating your system to the following
 LL> package versions:

 LL> Ubuntu 22.04 LTS
 LL>   rar                             2:6.23-1~22.04.1

 LL> Ubuntu 20.04 LTS
 LL>   rar                             2:6.23-1~20.04.1

 LL> This update uses a new upstream release, which includes additional bug
 LL> fixes. In general, a standard system update will make all the
 LL> necessary changes.

 LL> References:
 LL>   https://ubuntu.com/security/notices/USN-7349-1
 LL>   CVE-2022-30333, CVE-2023-40477

 LL> Package Information:
 LL>   https://launchpad.net/ubuntu/+source/rar/2:6.23-1~22.04.1
 LL>   https://launchpad.net/ubuntu/+source/rar/2:6.23-1~20.04.1

 LL> --- BBBS/LiR v4.10 Toy-7
 LL>  * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (2:263/1)

Sean


.... TCOB1: https://binkd.rima.ie telnet: binkd.rima.ie
--- GoldED+/LNX 1.1.5-b20240309
 * Origin:  <-Sean's Pointless Point->  (618:500/1.1)

.