Bug 846395 (CVE-2022-22784, CVE-2022-22785, CVE-2022-22787) - <net-im/zoom-5.10.4.2845: multiple vulnerabilities
Summary: <net-im/zoom-5.10.4.2845: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-22784, CVE-2022-22785, CVE-2022-22787
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://explore.zoom.us/en/trust/secu...
Whiteboard: ~3 [noglsa]
Reported: 2022-05-19 05:57 UTC by John Helmert III
Modified: 2022-06-26 06:15 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-19 05:57:34 UTC
CVE-2022-22784:

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user's client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

CVE-2022-22785:

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting user's Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

CVE-2022-22787:

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting user's client to connect to a malicious server when attempting to use Zoom services.

So, we seem to need to unmask 5.10 but not sure if that's really feasible yet.
Comment 1 Ulrich Müller gentoo-dev 2022-05-19 06:33:50 UTC
*shrug* The advantage of 5.9 is that it's actually usable, because it doesn't crash with newest glibc.

So I fear no action here (short of last-rites) until upstream fixes bug 835930.
Comment 2 Ulrich Müller gentoo-dev 2022-05-25 08:35:55 UTC
Allegedly, the clone3 problem is fixed in zoom-5.10.6.3192, so I've unmasked that version.

I'll remove zoom-5.9.6.2225-r2 two weeks from now, unless we see further reports that 5.10 crashes.
Comment 3 Sebastian Pipping gentoo-dev 2022-05-25 13:03:36 UTC
- Should we mask 5.9.6.2225-r2 as well while we still have it around?

- FYI unless it's a typo
  https://bugs.chromium.org/p/project-zero/issues/detail?id=2254#c4
  says that up to <5.10.4 is affected, not <5.10.0.
Comment 4 Ulrich Müller gentoo-dev 2022-05-25 13:32:57 UTC
(In reply to Sebastian Pipping from comment #3)
> - Should we mask 5.9.6.2225-r2 as well while we still have it around?

I'd rather not. There was a lot of confusion around the package lately, with masking and unmasking >=5.10 twice, and removing and later restoring 5.9.6.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 04:49:10 UTC
(In reply to Sebastian Pipping from comment #3)
> - Should we mask 5.9.6.2225-r2 as well while we still have it around?
> 
> - FYI unless it's a typo
>   https://bugs.chromium.org/p/project-zero/issues/detail?id=2254#c4
>   says that up to <5.10.4 is affected, not <5.10.0.

Thanks!
Comment 6 Larry the Git Cow gentoo-dev 2022-06-07 06:49:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1eec0ff3721f5c97addadb79b36a34b1d8c5806c

commit 1eec0ff3721f5c97addadb79b36a34b1d8c5806c
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2022-06-07 06:48:02 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2022-06-07 06:49:05 +0000

    net-im/zoom: drop 5.9.6.2225-r2
    
    Bug: https://bugs.gentoo.org/846395
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 net-im/zoom/Manifest                  |   1 -
 net-im/zoom/zoom-5.9.6.2225-r2.ebuild | 171 ----------------------------------
 2 files changed, 172 deletions(-)
Comment 7 Ulrich Müller gentoo-dev 2022-06-22 18:48:39 UTC
Can this bug be closed?
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-26 06:15:05 UTC
(In reply to Ulrich Müller from comment #7)
> Can this bug be closed?

Now that there aren't any vulnerable versions left in tree, yes! Sorry I didn't handle sooner, not sure how I missed the cleanup.