ELA-683-1 unzip security update

arbitrary code execution

2022-09-22
Package: unzip
Version: 6.0-16+deb8u7 (jessie), 6.0-21+deb9u3 (stretch)
Related CVEs: CVE-2022-0529, CVE-2022-0530

Sandipan Roy discovered two vulnerabilities in InfoZIP’s unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code.

For Debian 8 jessie, these problems have been fixed in version 6.0-16+deb8u7.

For Debian 9 stretch, these problems have been fixed in version 6.0-21+deb9u3.

We recommend that you upgrade your unzip packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/