Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
SUSE: Security Advisory (SUSE-SU-2021:2834-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'unrar' package(s) announced via the SUSE-SU-2021:2834-1 advisory.
Insight
Insight
This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974). These non-security issues were fixed: Added extraction support for .LZ archives created by Lzip compressor Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES Added support for PAX extended headers inside of TAR archive If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified Added support for AES-NI CPU instructions Support for a new RAR 5.0 archiving format Wildcard exclusion mask for folders Prevent conditional jumps depending on uninitialised values (bsc#1046882)
Affected Software
Affected Software
'unrar' package(s) on SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).