MDVSA-2011:099
- Package name: libzip
- Date: 2011-05-24
- Advisory ID: MDVSA-2011:099
- Affected versions: 2009.0 x86_64, MES5 i586, 2010.1 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

A vulnerability has been identified and fixed in libzip:

The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause
a denial of service (application crash) via an empty ZIP archive
that is processed with a (1) locateName or (2) statName operation
(CVE-2011-0421).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
