SUSE-SU-2021:2834-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2021/suse-su-20212834-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:2834-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2021:2834-1

Related

Published

2021-08-25T10:26:54Z

Modified

2021-08-25T10:26:54Z

Summary

Security update for unrar

Details

This update for unrar to version 5.6.1 fixes several issues.

These security issues were fixed:

CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).
CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).
CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).
CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).
CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974).

These non-security issues were fixed:

Added extraction support for .LZ archives created by Lzip compressor
Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES
Added support for PAX extended headers inside of TAR archive
If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files
By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified
Added support for AES-NI CPU instructions
Support for a new RAR 5.0 archiving format
Wildcard exclusion mask for folders
Prevent conditional jumps depending on uninitialised values (bsc#1046882)

References

Affected packages

SUSE:OpenStack Cloud 8 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:OpenStack Cloud 9 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20OpenStack%20Cloud%209

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 9 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "libunrar-devel": "5.6.1-4.5.1",
            "libunrar5_6_1": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-LTSS / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP3-BCL / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4-LTSS / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / unrar

Package

Name: unrar
Purl: purl:rpm/suse/unrar&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.1-4.5.1

Ecosystem specific

{
    "binaries": [
        {
            "unrar": "5.6.1-4.5.1"
        }
    ]
}