– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nGentoo Linux Security Advisory GLSA 202310-17
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nhttps:\/\/security.gentoo.org\/
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>\n
Severity: High
\nTitle: UnZip: Multiple Vulnerabilities
\nDate: October 30, 2023
\nBugs: #831190
\nID: 202310-17<\/p>\n
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>\n
Synopsis
\n========<\/p>\n
Multiple vulnerabilities have been discovered in UnZip, the worst of
\nwhich could lead to code execution.<\/p>\n
Background
\n==========<\/p>\n
Info-ZIP\u2019s UnZip is a tool to list and extract files inside PKZIP
\ncompressed files.<\/p>\n
Affected packages
\n=================<\/p>\n
Package Vulnerable Unaffected
\n————– ———— ————
\napp-arch\/unzip < 6.0_p27 >= 6.0_p27<\/p>\n
Description
\n===========<\/p>\n
Multiple vulnerabilities have been discovered in UnZip. Please review
\nthe CVE identifiers referenced below for details.<\/p>\n
Impact
\n======<\/p>\n
Please review the referenced CVE identifiers for details.<\/p>\n
Workaround
\n==========<\/p>\n
There is no known workaround at this time.<\/p>\n
Resolution
\n==========<\/p>\n
All UnZip users should upgrade to the latest version:<\/p>\n
# emerge –sync
\n# emerge –ask –oneshot –verbose “>=app-arch\/unzip-6.0_p27”<\/p>\n
References
\n==========<\/p>\n[ 1 ] CVE-2022-0529
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-0529
\n[ 2 ] CVE-2022-0530
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-0530<\/p>\n
Availability
\n============<\/p>\n
This GLSA and any updates to it are available for viewing at
\nthe Gentoo Security Website:<\/p>\n
https:\/\/security.gentoo.org\/glsa\/202310-17<\/p>\n
Concerns?
\n=========<\/p>\n
Security is a primary focus of Gentoo Linux and ensuring the
\nconfidentiality and security of our users’ machines is of utmost
\nimportance to us. Any security concerns should be addressed to
\nsecurity@gentoo.org or alternatively, you may file a bug at
\nhttps:\/\/bugs.gentoo.org.<\/p>\n
License
\n=======<\/p>\n
Copyright 2023 Gentoo Foundation, Inc; referenced text
\nbelongs to its owner(s).<\/p>\n
The contents of this document are licensed under the
\nCreative Commons – Attribution \/ Share Alike license.<\/p>\n
https:\/\/creativecommons.org\/licenses\/by-sa\/2.5<\/p>\n","protected":false},"excerpt":{"rendered":"
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Gentoo Linux Security Advisory GLSA 202310-17 – – – – – – – – – – – – – …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-50714","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=50714"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50714\/revisions"}],"predecessor-version":[{"id":50752,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/50714\/revisions\/50752"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=50714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=50714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=50714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}