USN-7349-1: RAR vulnerabilities
12 March 2025
Several security issues were fixed in RAR.
Releases
Packages
- rar - Archiver for .rar files
Details
It was discovered that RAR incorrectly handled certain paths. If a user or
automated system were tricked into extracting a specially crafted RAR
archive, a remote attacker could possibly use this issue to write arbitrary
files outside of the targeted directory. (CVE-2022-30333)
It was discovered that RAR incorrectly handled certain recovery volumes. If
a user or automated system were tricked into extracting a specially crafted
RAR archive, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-40477)
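For automated systems that extract untrusted archives, the path issue above (CVE-2022-30333) can be backstopped by checking member names before extraction and confirming afterwards that nothing in the extraction directory resolves outside it. The Python below is an added example, not part of this notice or of RAR; the function names and the sample tree are hypothetical, and treating backslashes as path separators is a conservative assumption.

```python
import os
import posixpath
import tempfile


def member_escapes(name):
    """True if an archive member name would land outside the extraction root.

    Backslashes are treated as separators too (a conservative assumption).
    """
    norm = posixpath.normpath(name.replace("\\", "/"))
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def audit_extraction(root):
    """List (relative path, resolved target) for entries resolving outside root."""
    root_real = os.path.realpath(root)
    escapes = []
    # followlinks=False: report directory symlinks, never walk through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            resolved = os.path.realpath(path)
            if os.path.commonpath([root_real, resolved]) != root_real:
                escapes.append((os.path.relpath(path, root), resolved))
    return sorted(escapes)


def build_sample():
    """Constructed sample tree: a regular file, an internal and an escaping symlink."""
    base = tempfile.mkdtemp(prefix="rar-audit-")
    root = os.path.join(base, "extracted")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "readme.txt"), "w") as fh:
        fh.write("constructed sample\n")
    os.symlink("docs/readme.txt", os.path.join(root, "ok-link"))
    os.symlink("../../outside-target", os.path.join(root, "docs", "bad-link"))
    return root


if __name__ == "__main__":
    sample = build_sample()
    for rel, target in audit_extraction(sample):
        print(f"ESCAPES ROOT: {rel} -> {target}")
    for n in ("docs/a.txt", "../outside/x", "a\\..\\..\\b", "/abs"):
        print(n, "unsafe" if member_escapes(n) else "ok")
```

Run the audit on a scratch directory before moving extracted files anywhere else, and treat any reported entry as a reason to discard the whole extraction.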
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
Ubuntu 20.04
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.