[UCI-Linux] Zoom meeting client vulnerabilities

Mike Iglesias iglesias at uci.edu
Fri Dec 15 11:27:37 PST 2017


The Zoom meeting client for Linux prior to v2.0.115900.1201 has two critical
vulnerabilities - a buffer overflow and a command injection vulnerability.
Both vulnerabilities can possibly be triggered remotely via a zoommtg:// tag.

If you are using the Linux Zoom meeting client you should update to the latest
release (2.0.115900.1201) from Zoom's web site:  https://zoom.us/download

Note that at least for the yum/dnf based Linux distributions, there is no
repository setup for Zoom, so you have to do the updates by hand.  Zoom's
download site does not mention the vulnerabilities in the update information
for the current version, although the researchers who found the bugs have
verified that the current version fixes them.


Mike



More information about the UCI-Linux mailing list