Newsbin affected by latest Rar Security Issue?

Technical support and discussion of Newsbin Version 6 series.

Newsbin affected by latest Rar Security Issue?

Postby billynews » Mon Aug 21, 2023 3:40 am

Hi,

there are news that Winrar has an security issue which can lead to malicious code being executed by just "opening" an archive.

Is Newsbin affected by this bug?

I understand that the latest beta (6.91B7) uses 7zip be default but what about the latest stable release 6.90?

Best regards

billy
billynews
Seasoned User
Seasoned User
 
Posts: 139
Joined: Sat Apr 12, 2008 2:57 pm

Registered Newsbin User since: 07/15/07

Re: Newsbin affected by latest Rar Security Issue?

Postby Quade » Mon Aug 21, 2023 12:43 pm

It's not clear to me. It's not clear if it's just the WinRAR GUI that is exposed. It has to do with recovery volume processing which are seldom used on usenet. Newsbin ignores the recovery volumes and you'd have to manually download them. PARs are what's used instead of recovery volumes. The security report says it requires some manual intervention on the user part to trigger the execution which isn't possible in Newsbin so, again I'm not sure.

I downloaded the latest WinRAR source from RARLabs. It's got an older date than the GUI WinRAR which has the fix.

The latest beta doesn't use WinRAR by default. Instead it uses 7zip to decode rars.

I'm still looking at it.

"A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code," the maintainers of the software said.
User avatar
Quade
Eternal n00b
Eternal n00b
 
Posts: 44981
Joined: Sat May 19, 2001 12:41 am
Location: Virginia, US

Registered Newsbin User since: 10/24/97


Return to V6 Technical Support

Who is online

Users browsing this forum: Google [Bot] and 4 guests