Debian 10260 Published by

An unrar-nonfree security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue that allows remote attackers to execute arbitrary code on affected installations.



ELA-939-1 unrar-nonfree security update

Package : unrar-nonfree
Version : 1:5.6.6-1+deb9u2 (stretch)

Related CVEs :
CVE-2023-40477

A specific flaw within the processing of recovery volumes exists in UnRAR,
an unarchiver for rar files. It allows remote attackers to execute arbitrary
code on affected installations. User interaction is required to exploit this
vulnerability. The target must visit a malicious page or open a malicious rar
file.

ELA-939-1 unrar-nonfree security update