| Package | rar |
|---|---|
| Version | 2:6.20-0.1~deb9u1 (stretch) |
| Related CVEs | CVE-2022-30333 |
The RAR archiver allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
For Debian 9 stretch, these problems have been fixed in version 2:6.20-0.1~deb9u1.
We recommend that you upgrade your rar packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.