Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0371)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0371

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0371)

Resumen: The remote host is missing an update for the 'unzip' package(s) announced via the MGASA-2022-0371 advisory.

Descripción: Summary:
The remote host is missing an update for the 'unzip' package(s) announced via the MGASA-2022-0371 advisory.

Vulnerability Insight:
Improper handling of Unicode strings, which can lead to a null pointer
dereference. This flaw allows an attacker to input a specially crafted zip
file, leading to a crash or code execution. (CVE-2021-4217)

Conversion of a wide string to a local string that leads to a heap of
out-of-bound write. This flaw allows an attacker to input a specially
crafted zip file, leading to a crash or code execution. (CVE-2022-0529,
CVE-2022-0530)

Affected Software/OS:
'unzip' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-4217
https://access.redhat.com/security/cve/CVE-2021-4217
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
https://bugzilla.redhat.com/show_bug.cgi?id=2044583
Common Vulnerability Exposure (CVE) ID: CVE-2022-0529
https://security.gentoo.org/glsa/202310-17
DSA-5202
https://www.debian.org/security/2022/dsa-5202
[debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update
https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html
https://bugzilla.redhat.com/show_bug.cgi?id=2051395
https://github.com/ByteHackr/unzip_poc
Common Vulnerability Exposure (CVE) ID: CVE-2022-0530
20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
http://seclists.org/fulldisclosure/2022/May/38
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
http://seclists.org/fulldisclosure/2022/May/35
20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
http://seclists.org/fulldisclosure/2022/May/33
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0371
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0371)
Resumen:	The remote host is missing an update for the 'unzip' package(s) announced via the MGASA-2022-0371 advisory.
Descripción:	Summary: The remote host is missing an update for the 'unzip' package(s) announced via the MGASA-2022-0371 advisory. Vulnerability Insight: Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2021-4217) Conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2022-0529, CVE-2022-0530) Affected Software/OS: 'unzip' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-4217 https://access.redhat.com/security/cve/CVE-2021-4217 https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 Common Vulnerability Exposure (CVE) ID: CVE-2022-0529 https://security.gentoo.org/glsa/202310-17 DSA-5202 https://www.debian.org/security/2022/dsa-5202 [debian-lts-announce] 20220922 [SECURITY] [DLA 3118-1] unzip security update https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html https://bugzilla.redhat.com/show_bug.cgi?id=2051395 https://github.com/ByteHackr/unzip_poc Common Vulnerability Exposure (CVE) ID: CVE-2022-0530 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4 http://seclists.org/fulldisclosure/2022/May/38 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 http://seclists.org/fulldisclosure/2022/May/35 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina http://seclists.org/fulldisclosure/2022/May/33 https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 https://support.apple.com/kb/HT213257
Copyright	Copyright (C) 2022 Greenbone AG