ELA-922-1 rar security update

directory traversal

2023-08-16
Package: rar
Version: 2:6.20-0.1~deb9u1 (stretch)
Related CVEs: CVE-2022-30333


The RAR archiver allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.



For Debian 9 stretch, these problems have been fixed in version 2:6.20-0.1~deb9u1.

We recommend that you upgrade your rar packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.