ELA-938-1 rar security update

arbitrary code execution

2023-08-29
Package: rar
Version: 2:6.23-1~deb9u1 (stretch)
Related CVEs: CVE-2023-40477


A specific flaw within the processing of recovery volumes exists in RAR, an archive program for rar files. It allows remote attackers to execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability. The target must visit a malicious page or open a malicious rar file.



For Debian 9 stretch, these problems have been fixed in version 2:6.23-1~deb9u1.

We recommend that you upgrade your rar packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.