*** This bug is a security vulnerability *** Public security bug reported:
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. This is CVE-2022-30333. unrar 6.12 is the fixed version, in Ubuntu versioning it would be called 1:6.1.7. https://nvd.nist.gov/vuln/detail/CVE-2022-30333 ** Affects: unrar-nonfree (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-30333 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1975722 Title: unrar has an open security bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unrar-nonfree/+bug/1975722/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
