Hi,
there are news that Winrar has an security issue which can lead to malicious code being executed by just "opening" an archive.
Is Newsbin affected by this bug?
I understand that the latest beta (6.91B7) uses 7zip be default but what about the latest stable release 6.90?
Best regards
billy
Newsbin affected by latest Rar Security Issue?
2 posts
• Page 1 of 1
Newsbin affected by latest Rar Security Issue?
by billynews » Mon Aug 21, 2023 3:40 am
- billynews
- Seasoned User
- Posts: 138
- Joined: Sat Apr 12, 2008 2:57 pm
Registered Newsbin User since: 07/15/07
Re: Newsbin affected by latest Rar Security Issue?
by Quade » Mon Aug 21, 2023 12:43 pm
It's not clear to me. It's not clear if it's just the WinRAR GUI that is exposed. It has to do with recovery volume processing which are seldom used on usenet. Newsbin ignores the recovery volumes and you'd have to manually download them. PARs are what's used instead of recovery volumes. The security report says it requires some manual intervention on the user part to trigger the execution which isn't possible in Newsbin so, again I'm not sure.
I downloaded the latest WinRAR source from RARLabs. It's got an older date than the GUI WinRAR which has the fix.
The latest beta doesn't use WinRAR by default. Instead it uses 7zip to decode rars.
I'm still looking at it.
I downloaded the latest WinRAR source from RARLabs. It's got an older date than the GUI WinRAR which has the fix.
The latest beta doesn't use WinRAR by default. Instead it uses 7zip to decode rars.
I'm still looking at it.
"A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code," the maintainers of the software said.
-
Quade - Eternal n00b
- Posts: 44882
- Joined: Sat May 19, 2001 12:41 am
- Location: Virginia, US
Registered Newsbin User since: 10/24/97
2 posts
• Page 1 of 1
Return to V6 Technical Support
Who is online
Users browsing this forum: No registered users and 2 guests