Dear Aishwarya Priyadarshini,

Welcome to R-help! Most people here aren't affiliated with R Foundation.

On Wed, 26 Jun 2024 17:03:37 +0000, "Priya, Aishwarya via R-help" <r-help@r-project.org> wrote:

> I am reaching out to seek your guidance on addressing the security
> vulnerability CVE-2024-27322.
> To address this issue effectively, it appears that we need to first
> uninstall the existing older version before installing the latest
> version. This process should ensure that the security vulnerability
> is adequately resolved.

What's your threat model?

If you need the CVE fix purely because you are required to install it by some sort of regulations, installing R-4.4.0 and removing all older versions of R is definitely the right thing to do.

If you actually need to be secure against untrusted *.rds or *.rda files, R-4.4.0 or any other version of R will be of no help to you. There are too many ways to make an R object dangerous to use, and the *.rds and *.rda files will faithfully represent the trapped R object even in the absence of any vulnerabilities in the parser: https://aitap.github.io/2024/05/02/unserialize.html

If you only process *.rds and *.rda files you trust, you've never been in danger from this so-called vulnerability. Feel free to keep running older versions of R.

-- 
Best regards,
Ivan