ALT-BU-2025-6050-1
Branch c9f2 update bulletin.
Closed vulnerabilities
Modified: 2025-05-09
CVE-2023-24626
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
- https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
- https://savannah.gnu.org/bugs/?63195
- https://www.exploit-db.com/exploits/51252
- https://www.exploit-db.com/exploits/51252
- https://www.exploit-db.com/exploits/51252
- https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
- https://security.netapp.com/advisory/ntap-20250509-0003/
- https://savannah.gnu.org/bugs/?63195
Closed vulnerabilities
BDU:2022-02992
Уязвимость средства разархивирования файлов UnRAR, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю перезаписать произвольные файлы
BDU:2023-07638
Уязвимость средства разархивирования файлов UnRAR, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2025-03-13
CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
- http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
- http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
- https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
- https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
- [debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update
- [debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update
- GLSA-202309-04
- GLSA-202309-04
- https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
- https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
- https://www.rarlab.com/rar_add.htm
- https://www.rarlab.com/rar_add.htm
Modified: 2024-11-21
CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
- https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
- https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
- [debian-lts-announce] 20230817 [SECURITY] [DLA 3535-1] unrar-nonfree security update
- [debian-lts-announce] 20230817 [SECURITY] [DLA 3535-1] unrar-nonfree security update