Subj : [USN-7349-1] RAR vulnerabilities To : All From : Sean Rima Date : Wed Mar 12 2025 08:23 pm * Forwarded from LISTS.UBUNTU-SECURITY by Sean Rima (21:1/229.1). * Originally by: Linux Ubuntu Security List (2:263/1), 12 Mar 25 20:20. * Originally to: all. ========================================================================== Ubuntu Security Notice USN-7349-1 March 12, 2025 rar vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in RAR. Software Description: - rar: Archiver for .rar files Details: It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333) It was discovered that RAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS rar 2:6.23-1~22.04.1 Ubuntu 20.04 LTS rar 2:6.23-1~20.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7349-1 CVE-2022-30333, CVE-2023-40477 Package Information: https://launchpad.net/ubuntu/+source/rar/2:6.23-1~22.04.1 https://launchpad.net/ubuntu/+source/rar/2:6.23-1~20.04.1 --- BBBS/LiR v4.10 Toy-7 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (2:263/1) Hello everybody! Sean .... TCOB1: https://binkd.rima.ie telnet: binkd.rima.ie --- GoldED+/LNX 1.1.5-b20240309 * Origin: <-Sean's Pointless Point-> (21:1/229.1) .