The exact problem I was seeing was backing up a course in Moodle; it would crash halfway through performing the backup, causing httpd to segfault. Upgrading libzip fixes this problem.

Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
----------------------------------------

The libzip library has been updated to version 0.11.2, which fixes crashes that affected php-zip and possibly other users of the library.

References:
http://www.nih.at/listarchive/libzip-discuss/msg00417.html
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
libzip-0.11.2-1.mga4
libzip2-0.11.2-1.mga4
libzip-devel-0.11.2-1.mga4

from libzip-0.11.2-1.mga4.src.rpm
Blocks: (none) => 13050
There's a simple PoC on Bug 13050:

    <?php
    // Create (or open) a zip archive.
    $za = new ZipArchive();
    $flags = ZIPARCHIVE::CREATE;
    $result = $za->open("/tmp/test.zip", $flags);
    var_dump($result);
    // Adding an empty directory is the call that crashes with the old libzip.
    $za->addEmptyDir('activities/');
    ?>

Save that in a file called ziptest.php, install php-zip and php-cli, and run it as "php ziptest.php".

It should segfault before the libzip update, and not segfault after it.

I've confirmed the PoC is fixed on Mageia 4 i586.
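Added example, not part of the original comment or of Mageia's QA tooling: a small shell check that automates the procedure above by running the PoC under php-cli and telling a segfault (exit status 139) apart from a clean run or an ordinary error. The `POC_FILE` variable, the function names and the `--check` switch are assumptions; the package name `libzip2` and version 0.11.2 come from the advisory text.

```shell
#!/bin/sh
# Added example, not from the bug report. POC_FILE and the function names
# are assumptions; 0.11.2 and libzip2 are the values named in the advisory.
FIXED_VERSION="0.11.2"
POC_FILE="${POC_FILE:-ziptest.php}"

# Map a shell exit status to a verdict. A child killed by signal N is
# reported as 128+N by sh and bash; SIGSEGV is 11 on Linux, hence 139.
classify_status() {
    case "$1" in
        0)   echo "OK" ;;
        139) echo "SEGFAULT" ;;
        *)   if [ "$1" -gt 128 ]; then
                 echo "SIGNAL-$(( $1 - 128 ))"
             else
                 echo "ERROR-$1"
             fi ;;
    esac
}

# Run a command with output discarded and print its verdict.
# Always returns 0, so it is safe to call under `set -e`.
run_and_classify() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Succeeds when version $1 >= version $2 (relies on GNU `sort -V`).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Report the installed libzip2 version and the PoC verdict; succeed only
# when the fixed version is installed and the PoC exits cleanly.
check_update() {
    installed=$(rpm -q --qf '%{VERSION}' libzip2) || return 2
    verdict=$(run_and_classify php "$POC_FILE")
    echo "libzip2 $installed: PoC verdict $verdict"
    version_ge "$installed" "$FIXED_VERSION" && [ "$verdict" = "OK" ]
}

# Run the real check only on request: ./check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_update
fi
```

A verdict of `ERROR-127` means php-cli itself was not found, which is different from the PoC passing.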
PoC is fixed on Mageia 4 x86-64 (in a VBox VM). It was broken before the upgrade.
CC: (none) => shlomif
Whiteboard: (none) => MGA4-64-OK has_procedure
Thanks Shlomi! Since I've confirmed the fix on i586 with both Moodle and the script in Comment 1, this could be validated.
PoC exploit segfaults on a Mageia 4 i586 VM before the update and is fixed on it after the update. Marking as MGA4-32-OK.
Marking now.
Whiteboard: MGA4-64-OK has_procedure => MGA4-64-OK has_procedure MGA4-32-OK
Advisory uploaded. Validating. Could sysadmin please push to 4 updates? Thanks!
Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK has_procedure MGA4-32-OK => MGA4-64-OK mga4-32-ok advisory has_procedure
CC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2014-0164.html
Status: NEW => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/593611/