newsbin.com

Newsbin Pro Users Forum
http://forum.newsbin.com/

Newsbin affected by latest Rar Security Issue?

http://forum.newsbin.com/viewtopic.php?f=43&t=48175

Page 1 of 1

Newsbin affected by latest Rar Security Issue?

PostPosted: Mon Aug 21, 2023 3:40 am
by billynews
Hi,

there are news that Winrar has an security issue which can lead to malicious code being executed by just "opening" an archive.

Is Newsbin affected by this bug?

I understand that the latest beta (6.91B7) uses 7zip be default but what about the latest stable release 6.90?

Best regards

billy

Re: Newsbin affected by latest Rar Security Issue?

PostPosted: Mon Aug 21, 2023 12:43 pm
by Quade
It's not clear to me. It's not clear if it's just the WinRAR GUI that is exposed. It has to do with recovery volume processing which are seldom used on usenet. Newsbin ignores the recovery volumes and you'd have to manually download them. PARs are what's used instead of recovery volumes. The security report says it requires some manual intervention on the user part to trigger the execution which isn't possible in Newsbin so, again I'm not sure.

I downloaded the latest WinRAR source from RARLabs. It's got an older date than the GUI WinRAR which has the fix.

The latest beta doesn't use WinRAR by default. Instead it uses 7zip to decode rars.

I'm still looking at it.

"A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code," the maintainers of the software said.
All times are UTC - 4 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/