Lucene search

DebianDEBIAN:DSA-5202-1:8A60F

HistoryAug 08, 2022 - 3:26 p.m.

[SECURITY] [DSA 5202-1] unzip security update

2022-08-0815:26:24

lists.debian.org

debian

security

update

infozip

unzip

vulnerabilities

fix

denial of service

arbitrary code

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON

Debian Security Advisory DSA-5202-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 08, 2022 https://www.debian.org/security/faq

Package : unzip
CVE ID : CVE-2022-0529 CVE-2022-0530
Debian Bug : 1010355

Sandipan Roy discovered two vulnerabilities in InfoZIP's unzip program,
a de-archiver for .zip files, which could result in denial of service
or potentially the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in
version 6.0-26+deb11u1.

We recommend that you upgrade your unzip packages.

For the detailed security status of unzip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unzip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11amd64unzip< 6.0-26+deb11u1unzip_6.0-26+deb11u1_amd64.deb
Debian11armhfunzip< 6.0-26+deb11u1unzip_6.0-26+deb11u1_armhf.deb
Debian11ppc64elunzip-dbgsym< 6.0-26+deb11u1unzip-dbgsym_6.0-26+deb11u1_ppc64el.deb
Debian11allunzip< 6.0-26+deb11u1unzip_6.0-26+deb11u1_all.deb
Debian10armhfunzip-dbgsym< 6.0-23+deb10u3unzip-dbgsym_6.0-23+deb10u3_armhf.deb
Debian10i386unzip< 6.0-23+deb10u3unzip_6.0-23+deb10u3_i386.deb
Debian11s390xunzip-dbgsym< 6.0-26+deb11u1unzip-dbgsym_6.0-26+deb11u1_s390x.deb
Debian11mips64elunzip-dbgsym< 6.0-26+deb11u1unzip-dbgsym_6.0-26+deb11u1_mips64el.deb
Debian11armelunzip-dbgsym< 6.0-26+deb11u1unzip-dbgsym_6.0-26+deb11u1_armel.deb
Debian11amd64unzip-dbgsym< 6.0-26+deb11u1unzip-dbgsym_6.0-26+deb11u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	amd64	unzip	< 6.0-26+deb11u1	unzip_6.0-26+deb11u1_amd64.deb
Debian	11	armhf	unzip	< 6.0-26+deb11u1	unzip_6.0-26+deb11u1_armhf.deb
Debian	11	ppc64el	unzip-dbgsym	< 6.0-26+deb11u1	unzip-dbgsym_6.0-26+deb11u1_ppc64el.deb
Debian	11	all	unzip	< 6.0-26+deb11u1	unzip_6.0-26+deb11u1_all.deb
Debian	10	armhf	unzip-dbgsym	< 6.0-23+deb10u3	unzip-dbgsym_6.0-23+deb10u3_armhf.deb
Debian	10	i386	unzip	< 6.0-23+deb10u3	unzip_6.0-23+deb10u3_i386.deb
Debian	11	s390x	unzip-dbgsym	< 6.0-26+deb11u1	unzip-dbgsym_6.0-26+deb11u1_s390x.deb
Debian	11	mips64el	unzip-dbgsym	< 6.0-26+deb11u1	unzip-dbgsym_6.0-26+deb11u1_mips64el.deb
Debian	11	armel	unzip-dbgsym	< 6.0-26+deb11u1	unzip-dbgsym_6.0-26+deb11u1_armel.deb
Debian	11	amd64	unzip-dbgsym	< 6.0-26+deb11u1	unzip-dbgsym_6.0-26+deb11u1_amd64.deb