Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Question to rar / unrar and issue with Zimbra [solved]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
ChrisJumper
Advocate
Advocate


Joined: 12 Mar 2005
Posts: 2403
Location: Germany
PostPosted: Thu Jun 30, 2022 7:30 pm    Post subject: Question to rar / unrar and issue with Zimbra [solved] Reply with quote
Hello,

i was a bit confused by the News about Zimbra.

Gentoo already fixed the Bug, but why we have two packages?


Code:
[I] app-arch/unrar
     Verfügbare Versionen:   6.1.7(0/6)
     Installierte Versionen: 6.1.7(0/6)(xx:xx:xx 2x.06.2022)
     Startseite:             https://www.rarlab.com/rar_add.htm
     Beschreibung:           Uncompress rar files


Code:
[I] app-arch/rar
     Verfügbare Versionen:   6.12^md {all-sfx}
     Installierte Versionen: 6.12^md(xx:xx:xx 2x.06.2022)(-all-sfx)
     Startseite:             https://www.rarlab.com/
     Beschreibung:           RAR compressor/uncompressor

rar Version 6.12 is fixed, i just was confused about unrar have a different Version Number. And as far as i understood, the Antivirus Server open rar packages... so the Version Number to defend an Attack by email should be unrar and not rar.

This post is just for the record and because i was a little confused about.

Thank you very much for your work, and have a good Summer! By the Way if you look for Jobs. Programming Algorithms to processing Big Data (Streams) is a hype right now.

Last edited by ChrisJumper on Fri Jul 01, 2022 8:22 pm; edited 1 time in total
Back to top
View user's profile Send private message
freke
Veteran
Veteran


Joined: 23 Jan 2003
Posts: 1051
Location: Somewhere in Denmark
PostPosted: Thu Jun 30, 2022 8:44 pm    Post subject: Reply with quote
They are seperate, and doesn't the link itself say that?

Quote:
Am I affected?

The official security patch by RarLab is contained in the UnRar source code version 6.1.7 and is included with the binaries of version 6.12. Any previous version may be vulnerable. Only the Unix binaries (excluding Android) are affected by this vulnerability. WinRAR is free of this bug.


https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
Back to top
View user's profile Send private message
ChrisJumper
Advocate
Advocate


Joined: 12 Mar 2005
Posts: 2403
Location: Germany
PostPosted: Fri Jul 01, 2022 8:22 pm    Post subject: Reply with quote
Thank you freke, you are right about. I just read first a German IT News Portal, and they missed to mention the two Versions about Unrar and rar. Thank you for answering and sorry for my post here. I'll take more time to read the Source precisely.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy