Candidate: CVE-2017-12938
PublicDate: 2017-08-18 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938
 http://www.openwall.com/lists/oss-security/2017/08/18/2
 http://seclists.org/oss-sec/2017/q3/290
Description:
 UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal
 protection mechanism via vectors involving a symlink to the . directory, a
 symlink to the .. directory, and a regular file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_unrar-nonfree:
upstream_unrar-nonfree: released (1:5.5.8-1)
precise/esm_unrar-nonfree: DNE
trusty_unrar-nonfree: ignored (reached end-of-life)
trusty/esm_unrar-nonfree: DNE (trusty was needed)
vivid/ubuntu-core_unrar-nonfree: DNE
xenial_unrar-nonfree: ignored (end of standard support, was needed)
zesty_unrar-nonfree: ignored (reached end-of-life)
artful_unrar-nonfree: ignored (reached end-of-life)
bionic_unrar-nonfree: not-affected (1:5.5.8-1)
cosmic_unrar-nonfree: not-affected (1:5.5.8-1)
disco_unrar-nonfree: not-affected (1:5.5.8-1)
eoan_unrar-nonfree: not-affected (1:5.5.8-1)
focal_unrar-nonfree: not-affected (1:5.5.8-1)
groovy_unrar-nonfree: not-affected (1:5.5.8-1)
hirsute_unrar-nonfree: not-affected (1:5.5.8-1)
impish_unrar-nonfree: not-affected (1:5.5.8-1)
jammy_unrar-nonfree: not-affected (1:5.5.8-1)
devel_unrar-nonfree: not-affected (1:5.5.8-1)