A CVE has been issued for a security issue in unrar:
https://www.debian.org/lts/security/2023/dla-3535

The issue is fixed upstream in 6.2.10.

Mageia 8 and 9 are also affected.

CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA9TOO, MGA8TOO
Assignee: bugsquad => nicolas.salguero
Source RPM: (none) => unrar-6.21-1.mga9.nonfree.src.rpm

Suggested advisory:
========================

The updated package fixes a security vulnerability:

Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. (CVE-2023-40477)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40477
https://www.debian.org/lts/security/2023/dla-3535
========================

Updated package in 8/core/updates_testing:
========================
unrar-6.23-1.mga8.nonfree

from SRPM:
unrar-6.23-1.mga8.nonfree.src.rpm

Updated package in 9/core/updates_testing:
========================
unrar-6.23-1.mga9.nonfree

from SRPM:
unrar-6.23-1.mga9.nonfree.src.rpm

Version: Cauldron => 9
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
CC: (none) => mageia
MGA8-64 Xfce on Acer Aspire 5253
No installation issues

Loaded sample from https://getsamplefiles.com/sample-archive-files/rar
tested with engrampa and

$ unrar e sample-3.rar
UNRAR 6.23 freeware Copyright (c) 1993-2023 Alexander Roshal
Extracting from sample-3.rar
Extracting iphone-7-leaked-2017-ringtone-852 (1).mp4 OK
All OK

In both cases the resulting mp4 file plays OK.

Ref also bug 21563, using the attached file and check the contents

$ unrar e test.rar
UNRAR 6.23 freeware Copyright (c) 1993-2023 Alexander Roshal
Extracting from test.rar
Extracting test.sha256 OK
Extracting test_9.bin OK
Extracting test_8.bin OK
Extracting test_7.bin OK
Extracting test_6.bin OK
Extracting test_5.bin OK
Extracting test_4.bin OK
Extracting test_3.bin OK
Extracting test_2.bin OK
Extracting test_1.bin OK
Extracting test_0.bin OK
All OK

[tester8@mach7 Documents]$ sha256sum --check test.sha256
test_0.bin: OK
test_1.bin: OK
test_2.bin: OK
test_3.bin: OK
test_4.bin: OK
test_5.bin: OK
test_6.bin: OK
test_7.bin: OK
test_8.bin: OK
test_9.bin: OK

Good enough for me

CC: (none) => herman.viaene
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK

MGA9-64 Plasma, i5-2500, Intel graphics.
No installation issues.

Used Herman's link to download a different sample rar file:

$ unrar e sample-4.rar
UNRAR 6.23 freeware Copyright (c) 1993-2023 Alexander Roshal
Extracting from sample-4.rar
Extracting romantic-2018-ringtone-300.mp3 OK
All OK

Validating. Advisory in comment 1.

Keywords: (none) => validated_update
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0258.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED