Login
Newsletter
Werbung
Sicherheit: Denial of Service in libzip
Aktuelle Meldungen Distributionen
Name: Denial of Service in libzip
ID: MDVSA-2011:099
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.1
Datum: Di, 24. Mai 2011, 13:29
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
Applikationen: libzip

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1306230852-2533-134

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:099
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libzip
 Date    : May 24, 2011
 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been identified and fixed in libzip:
 
 The _zip_name_locate function in zip_name_locate.c in the Zip extension
 in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
 argument, which might allow context-dependent attackers to cause
 a denial of service (application crash) via an empty ZIP archive
 that is processed with a (1) locateName or (2) statName operation
 (CVE-2011-0421).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 b2707764066551f6ce98927199313658  2009.0/i586/libzip-0.9-1.1mdv2009.0.i586.rpm
 0545e88dc46b5029b6d286d77929b0d6 
 2009.0/i586/libzip1-0.9-1.1mdv2009.0.i586.rpm
 59368b5e8945d41186ef43d50bc32fef 
 2009.0/i586/libzip1-devel-0.9-1.1mdv2009.0.i586.rpm 
 b674d890f391decb25160c3cbb61b67f  2009.0/SRPMS/libzip-0.9-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f79f16015ec07a2d3ab5defe7f3a9c61 
 2009.0/x86_64/lib64zip1-0.9-1.1mdv2009.0.x86_64.rpm
 80caa5445d860ce81aa1dca417084315 
 2009.0/x86_64/lib64zip1-devel-0.9-1.1mdv2009.0.x86_64.rpm
 8aabb4c7001455bdb6281d6940d7f260 
 2009.0/x86_64/libzip-0.9-1.1mdv2009.0.x86_64.rpm 
 b674d890f391decb25160c3cbb61b67f  2009.0/SRPMS/libzip-0.9-1.1mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 2c951ced9a7c5babdf9602a914de26fc 
 2010.1/i586/libzip-0.9.3-2.1mdv2010.2.i586.rpm
 cab6b7db4308674902991ea4f772bac0 
 2010.1/i586/libzip1-0.9.3-2.1mdv2010.2.i586.rpm
 923b7c08dea396ca3e68d5317087abe1 
 2010.1/i586/libzip-devel-0.9.3-2.1mdv2010.2.i586.rpm 
 c96f039d41e502ab7de18cc88f68195a 
 2010.1/SRPMS/libzip-0.9.3-2.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 b46dca982a4a05c16f41cfaecd75fcbb 
 2010.1/x86_64/lib64zip1-0.9.3-2.1mdv2010.2.x86_64.rpm
 5d53ec5fdafacf8342fb744fc6023cda 
 2010.1/x86_64/lib64zip-devel-0.9.3-2.1mdv2010.2.x86_64.rpm
 05961884a3a4846286a6c32cc3434ae8 
 2010.1/x86_64/libzip-0.9.3-2.1mdv2010.2.x86_64.rpm 
 c96f039d41e502ab7de18cc88f68195a 
 2010.1/SRPMS/libzip-0.9.3-2.1mdv2010.2.src.rpm

 Corporate 4.0:
 5cab7fa861e9b758e3934b5ce91ee843 
 corporate/4.0/i586/libzip-0.8-0.2.20060mlcs4.i586.rpm
 1414a28bac961b51ee0ee500bb5e305f 
 corporate/4.0/i586/libzip1-0.8-0.2.20060mlcs4.i586.rpm
 0870b727bb7818ff6167b0ee7bfe69a0 
 corporate/4.0/i586/libzip1-devel-0.8-0.2.20060mlcs4.i586.rpm 
 d880b19f9ed7009893526c5be191609b 
 corporate/4.0/SRPMS/libzip-0.8-0.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 39cad5f8ec0b6a8c453d201088ec1c19 
 corporate/4.0/x86_64/lib64zip1-0.8-0.2.20060mlcs4.x86_64.rpm
 7bbfde955d5be982696ea749d02fda31 
 corporate/4.0/x86_64/lib64zip1-devel-0.8-0.2.20060mlcs4.x86_64.rpm
 31632663a023e78b87f16d6ef3a513e9 
 corporate/4.0/x86_64/libzip-0.8-0.2.20060mlcs4.x86_64.rpm 
 d880b19f9ed7009893526c5be191609b 
 corporate/4.0/SRPMS/libzip-0.8-0.2.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 8927d13cebb528734d923d9c8a5d2cc5  mes5/i586/libzip-0.9-1.1mdvmes5.2.i586.rpm
 26895b0d8a3c7678915f63824644e6e0  mes5/i586/libzip1-0.9-1.1mdvmes5.2.i586.rpm
 e2fb873896d7fdfdddb768cf45ab905c 
 mes5/i586/libzip1-devel-0.9-1.1mdvmes5.2.i586.rpm 
 e675417cd92171246244c061e178c384  mes5/SRPMS/libzip-0.9-1.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 40e013ad35ec3fc6d3a76a41a7284832 
 mes5/x86_64/lib64zip1-0.9-1.1mdvmes5.2.x86_64.rpm
 1c14f06832bfcc7130b39f28489aaef8 
 mes5/x86_64/lib64zip1-devel-0.9-1.1mdvmes5.2.x86_64.rpm
 e8e051a9bb35bd3c4f1053a95137549c 
 mes5/x86_64/libzip-0.9-1.1mdvmes5.2.x86_64.rpm 
 e675417cd92171246244c061e178c384  mes5/SRPMS/libzip-0.9-1.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN20+QmqjQ0CJFipgRAkNfAJ4rXaVWkphVslNS0q7faBMWKwh1RQCgxVH1
Di9TN3bCfXHOIrvPkP1C/ws=
=I8bT
-----END PGP SIGNATURE-----


------------=_1306230852-2533-134
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1306230852-2533-134--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung