Описание
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| unrar-nonfree | fixed | 1:6.1.7-1 | package | |
| unrar-nonfree | fixed | 1:6.0.3-1+deb11u1 | bullseye | package |
| unrar-nonfree | fixed | 1:5.6.6-1+deb10u1 | buster | package |
| unrar-nonfree | no-dsa | stretch | package | |
| rar | fixed | 2:6.20~b1-0.1 | package | |
| rar | fixed | 2:6.20-0.1~deb11u1 | bullseye | package |
| rar | no-dsa | stretch | package |
Примечания
6.12 application version corresponds to 6.1.7 source version:
https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
Связанные уязвимости
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Уязвимость средства разархивирования файлов UnRAR, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю перезаписать произвольные файлы