Bugzilla – Bug 1196177
VUL-0: CVE-2022-0530: unzip: SIGSEGV during the conversion of an utf-8 string to a local string
Last modified: 2022-09-27 12:39:38 UTC
rh#2051395

SIGSEGV during the conversion of an utf-8 string to a local string

https://bugzilla.redhat.com/show_bug.cgi?id=2048569

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2051395
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0530
Same as bnc#1196175, can't reproduce on SLE-12, SLE-15 and Factory, the command will simply return "error: zipfile probably corrupt (segmentation violation)".
Looking at the patch, it seems we already have some kind of mitigation in place there for the newer SLE and Factory.

Tracking as affected:
- SUSE:SLE-11-SP1:Update/unzip 5.52
- SUSE:SLE-11-SP2:Update/unzip 6.00

No patch available for now.
Does this have the same fix as bsc#1196175?
Hi Danilo,

There's no patch for now, I'm not sure if the fix is the same. The main bug is private. I downloaded a reproducer last week but now I don't seem to find it anymore.
Created attachment 861575
debian patch

Added Debian patch, from [0]. Reproducers can be found in [1].

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
[1] https://github.com/ByteHackr/unzip_poc
(In reply to Gabriele Sonnu from comment #1)
> Same as bnc#1196175, can't reproduce on SLE-12, SLE-15 and Factory, the
> command will simply return "error: zipfile probably corrupt (segmentation
> violation)".
> Looking at the patch, it seems we already have some kind of mitigation in place
> there for the newer SLE and Factory.

The patch applies fine to SLE-12, so I would still apply it to SLE-12, SLE-15 and openSUSE:Factory, if it is okay for you.
(In reply to Danilo Spinella from comment #6)
> The patch applies fine to SLE-12, so I would still apply it to SLE-12,
> SLE-15 and openSUSE:Factory, if it is okay for you.

If you think there's no potential regression/bug please do.
(In reply to Gabriele Sonnu from comment #9)
> (In reply to Danilo Spinella from comment #6)
> > The patch applies fine to SLE-12, so I would still apply it to SLE-12,
> > SLE-15 and openSUSE:Factory, if it is okay for you.
>
> If you think there's no potential regression/bug please do.

I don't think there could be a regression, this patch just adds some NULL checks.
Fix missing in unzip-rcc, pre-checkin was not run. Should be singlespec! -# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0530 bsc#1196177 -Patch24: CVE-2022-0530.patch -# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0529 bsc#1196180 -Patch25: CVE-2022-0529.patch -%patch24 -p1 -%patch25 -p1
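Review bot: the missing lines cover both the patch declarations (Patch24, Patch25) and their application lines (%patch24 -p1, %patch25 -p1), so unzip-rcc needs all four to carry the CVE-2022-0530 and CVE-2022-0529 fixes; restoring only the PatchNN declarations would still build while leaving both fixes unapplied. As the comment asks for singlespec, building unzip-rcc from the same spec as unzip would keep the two patch lists from drifting apart again.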
SUSE-SU-2022:3386-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1196177,1196180
CVE References: CVE-2022-0529,CVE-2022-0530
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): unzip-6.00-33.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3399-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1196177,1196180
CVE References: CVE-2022-0529,CVE-2022-0530
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): unzip-6.00-150000.4.11.1
openSUSE Leap 15.3 (src): unzip-6.00-150000.4.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): unzip-6.00-150000.4.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): unzip-6.00-150000.4.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.