========================================================================== Ubuntu Security Notice USN-7350-1 March 12, 2025 unrar-nonfree vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in UnRAR. Software Description: - unrar-nonfree: Unarchiver for .rar files Details: It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579) It was discovered that UnRAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477) Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape sequences when writing screen output. If a user or automated system were tricked into processing a specially crafted RAR archive, a remote attacker could possibly use this issue to spoof screen output or cause a denial of service. (CVE-2024-33899) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libunrar5 1:6.1.5-1ubuntu0.1 unrar 1:6.1.5-1ubuntu0.1 Ubuntu 20.04 LTS libunrar5 1:5.6.6-2ubuntu0.1 unrar 1:5.6.6-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7350-1 CVE-2022-30333, CVE-2022-48579, CVE-2023-40477, CVE-2024-33899 Package Information: https://launchpad.net/ubuntu/+source/unrar-nonfree/1:6.1.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/unrar-nonfree/1:5.6.6-2ubuntu0.1