Mandriva Update For Libzip MDVSA-2012:034 (libzip) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been found and corrected in libzip: libzip (version &lt = 0.10) uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files (CVE-2012-1162). libzip (version &lt = 0.10) has a numeric overflow condition, which, for example, results in improper restrictions of operations within the bounds of a memory buffer (e.g., allowing information leaks) (CVE-2012-1163). The updated packages have been upgraded to the 0.10.1 version to correct these issues.

Affected

libzip on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2012-1162, CVE-2012-1163
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:148 (kernel)
Mandrake Security Advisory MDVSA-2009:149 (apache)
Mandrake Security Advisory MDVSA-2009:169 (libtiff)
Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
Mandrake Security Advisory MDVSA-2009:067 (libsndfile)

Mandriva Update for libzip MDVSA-2012:034 (libzip)

Take action and discover your vulnerabilities