An unzip security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address two vulnerabilities.
ELA-683-1 unzip security update
Package unzip
ELA-683-1 unzip security update
Version 6.0-16+deb8u7 (jessie), 6.0-21+deb9u3 (stretch)
Related CVEs CVE-2022-0529 CVE-2022-0530
Sandipan Roy discovered two vulnerabilities in InfoZIP’s unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code.
For Debian 8 jessie, these problems have been fixed in version 6.0-16+deb8u7.
For Debian 9 stretch, these problems have been fixed in version 6.0-21+deb9u3.
We recommend that you upgrade your unzip packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
