Slackware
This Forum is for the discussion of Slackware Linux.
Software and versions affected
In this section we go into detail about which versions of unrar are affected. Although this blog post focuses on Zimbra to demonstrate the impact of this bug, any software relying on an unpatched version of unrar to extract untrusted archives is affected.
Possibly, but how many of us go there too? I tend to concentrate on my main areas of interest, basically Slackware and its ARM derivatives. I can't remember when I last visited "Linux - Software", whereas I visit here regularly. Had it not been for the original post here, I would have been blissfully ignorant of this vulnerability. I suspect there are quite a few others like me.
(I guess it'll be on ftp mirrors too, soon? - our rsync mirror shows old stuff still)
Cheers
It won't go in the main repository until the next global update, probably at the weekend.
Thanks for the report, but next time, if you have to point out security issues with stuff on SBo, I suggest you report them to the respective script maintainers and to the slackbuilds-users mailing list: if you report them here on the forum, interested people might not read them and they might not get fixed.
This time it has been handled because I happened to incidentally read the post, but don't count on it.
You would have found out by checking for updates in sbopkg.
Anyhow TIL people still use rar. I don't encounter it much these days. Same goes for arj.
One of RAR's killer features is its recovery function. I once created a test archive with a recovery record of something like 5 or 10 percent. I was able to damage multiple non-contiguous areas of the archive, using a hex editor, and RAR was able to recover the original archive.