UbuntuUpdates.org

Package "unrar-nonfree"

Name: unrar-nonfree

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Unarchiver for .rar files (non-free version) - development files
  • Unarchiver for .rar files (non-free version) - development header files
  • Unarchiver for .rar files (non-free version) - shared library
  • Unarchiver for .rar files (non-free version)

Latest version: 1:6.1.5-1ubuntu0.1
Release: jammy (22.04)
Level: updates
Repository: multiverse

Other versions of "unrar-nonfree" in Jammy

Repository  Area        Version
security    multiverse  1:6.1.5-1ubuntu0.1

Changelog

Version: 1:6.1.5-1ubuntu0.1 2025-03-12 22:07:11 UTC

  unrar-nonfree (1:6.1.5-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue
    - debian/patches/CVE-2022-30333.patch: introduce and use SafeCharToWide
      in ulinks.cpp.
    - CVE-2022-30333
  * SECURITY UPDATE: directory traversal via symlink chains
    - debian/patches/CVE-2022-48579.patch: properly handle symlinks in
      arcread.cpp, extinfo.cpp, extinfo.hpp, extract.cpp, extract.hpp,
      hardlinks.cpp, model.cpp, os.hpp, pathfn.cpp, timefn.hpp, ulinks.cpp,
      win32stm.cpp.
    - CVE-2022-48579
  * SECURITY UPDATE: code exec via recovery volume index validation
    - debian/patches/CVE-2023-40477.patch: improve checks in getbits.cpp,
      pathfn.cpp, recvol3.cpp, secpassword.cpp.
    - CVE-2023-40477
  * SECURITY UPDATE: ANSI escape sequence issue
    - debian/patches/CVE-2024-33899.patch: replace ESC in consio.cpp,
      log.cpp, strfn.cpp, strfn.hpp, resource.cpp, resource.hpp.
    - CVE-2024-33899

 -- Marc Deslauriers <email address hidden> Fri, 07 Mar 2025 08:48:58 -0500

CVE-2022-30333 RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by
CVE-2022-48579 UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
CVE-2023-40477 RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to e
CVE-2024-33899 RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape se


