* Forwarded from LISTS.UBUNTU-SECURITY by Sean Rima (21:1/229.1).
* Originally by: Linux Ubuntu Security List (2:263/1), 12 Mar 25 20:20.
* Originally to: all.


========================================================================== Ubuntu Security Notice USN-7349-1
March 12, 2025

rar vulnerabilities ==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in RAR.

Software Description:
- rar: Archiver for .rar files

Details:

It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333)

It was discovered that RAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-40477)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
rar 2:6.23-1~22.04.1

Ubuntu 20.04 LTS
rar 2:6.23-1~20.04.1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7349-1
CVE-2022-30333, CVE-2023-40477

Package Information:
https://launchpad.net/ubuntu/+source/rar/2:6.23-1~22.04.1
https://launchpad.net/ubuntu/+source/rar/2:6.23-1~20.04.1

--- BBBS/LiR v4.10 Toy-7
* Origin: TCOB1: https/binkd/telnet binkd.rima.ie (2:263/1)


Hello everybody!


Sean


... TCOB1: https://binkd.rima.ie telnet: binkd.rima.ie
--- GoldED+/LNX 1.1.5-b20240309
* Origin: <-Sean's Pointless Point-> (21:1/229.1)