AR Labs heeft versie 7.23 van zijn archiveringsprogramma's RAR en WinRAR uitgebracht. Deze populaire compressietools zijn beschikbaar voor diverse besturingssystemen, waaronder Windows, Linux en macOS. De programma's kunnen overweg met de gangbaarste formaten - waaronder rar, zip, cab, arj, lzh, tar, gz, uue, bz2, jar, iso, 7z en z -, hebben een skinnable interface en ondersteuning voor Zip64- en multivolume cabbestanden. In deze uitgave zijn de volgende veranderingen en verbeteringen aangebracht:
Changes in version WinRAR 7.23:
Changes in version WinRAR 7.23:1. Heap overflow vulnerability is fixed in RAR5 recovery volumedata reconstruction code. It affects WinRAR, RAR and UnRAR.UnRAR.dll library doesn't include recovery volume processing,so it is not affected.We are thankful to Arjun Basnet from Securin Labs for letting us knowabout this security issue.2. Symbolic link pointing outside of destination folder could be createdeven without -ola switch, when extracting a specially craftedRAR archive by WinRAR, RAR, UnRAR or UnRAR.dll library.Further check in extraction code prevents placing files to such foldereven in case of multiple extraction commands, excluding the possibilityof path traversal attack for WinRAR, RAR or UnRAR based extraction.It limits the potential threat to a case where another tool uses thissymbolic link to store files.We are thankful to scofaild23-bnomran for letting us know about thissecurity issue.3. 7zxa.dll 7z extraction library is updated to version 26.02 to includebug and vulnerability fixes by the library developer.4. Switch -iver prints RAR version even if -idc is specifiedin the command line, configuration file or RARINISWITCHES environmentvariable. Previously -idc blocked -iver action.Also a new line character is added to -iver output.
Source: Tweakers.net