GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Sep 25, 2017 10:26 pm
Post subject: [ GLSA 201709-24 ] RAR, UnRAR
Gentoo Linux Security Advisory
Title: RAR, UnRAR: Multiple vulnerabilities (GLSA 201709-24)
Severity: normal
Exploitable: remote
Date: 2017-09-25
Bug(s): #622342, #628182, #628184
ID: 201709-24
Synopsis
Multiple vulnerabilities have been found in RAR and UnRAR, the
worst of which may allow attackers to execute arbitrary code.
Background
RAR and UnRAR provide command line interfaces for compressing and
decompressing RAR files.
Affected Packages
Package: app-arch/rar
Vulnerable: < 5.5.0_p20170811
Unaffected: >= 5.5.0_p20170811
Architectures: All supported architectures
Package: app-arch/unrar
Vulnerable: < 5.5.7
Unaffected: >= 5.5.7
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in RAR and UnRAR. Please
review the referenced CVE identifiers for details.
Impact
A remote attacker, by enticing a user to open a specially crafted RAR,
could possibly execute arbitrary code with the privileges of the process
or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All RAR users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/rar-5.5.0_p20170811"
All UnRAR users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/unrar-5.5.7"
References
CVE-2012-6706
CVE-2017-12940
CVE-2017-12941
CVE-2017-12942
Last edited by GLSA on Fri Sep 29, 2017 4:18 am; edited 1 time in total