Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 864939 (CVE-2022-28755)

Summary: <net-im/zoom-5.11.0.3540: remote code execution via url parsing vulnerability
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: dilfridge, mva, ulm
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://explore.zoom.us/en/trust/security/security-bulletin/
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-11 20:26:17 UTC 
CVE-2022-28755:

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

Please cleanup.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-12 00:38:48 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f7ce21a121e3e07b3410f527028e891c9b8314a

commit 1f7ce21a121e3e07b3410f527028e891c9b8314a
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2022-08-12 00:38:25 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2022-08-12 00:38:25 +0000

    net-im/zoom: drop 5.10.7.3311
    
    Bug: https://bugs.gentoo.org/864939
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 net-im/zoom/Manifest                |   1 -
 net-im/zoom/zoom-5.10.7.3311.ebuild | 185 ------------------------------------
 2 files changed, 186 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-12 00:42:51 UTC 
Thanks, all done!