An unrar-nonfree security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue that allows remote attackers to execute arbitrary code on affected installations.
ELA-939-1 unrar-nonfree security update
Package : unrar-nonfree
Version : 1:5.6.6-1+deb9u2 (stretch)
Related CVEs :
CVE-2023-40477
A specific flaw within the processing of recovery volumes exists in UnRAR,
an unarchiver for rar files. It allows remote attackers to execute arbitrary
code on affected installations. User interaction is required to exploit this
vulnerability. The target must visit a malicious page or open a malicious rar
file.
