Bug 13112 - libzip causes crashes in php-zip
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 4
Hardware: i586 Linux
Priority: Normal Severity: critical
Target Milestone: ---
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/593611/
Whiteboard: MGA4-64-OK mga4-32-ok advisory has_pr...
Keywords: validated_update
Blocks: 13050

Reported: 2014-03-28 16:49 CET by David Walser
Modified: 2014-04-07 23:14 CEST (History)
Source RPM: libzip-0.11.1-2.mga4.src.rpm
Description David Walser 2014-03-28 16:49:21 CET
The exact problem I was seeing was backing up a course in Moodle; it would crash halfway through performing the backup, causing httpd to segfault.

Upgrading libzip fixes this problem.

Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
----------------------------------------

The libzip library has been updated to version 0.11.2, which fixes crashes
that affected php-zip and possibly other users of the library.

References:
http://www.nih.at/listarchive/libzip-discuss/msg00417.html
----------------------------------------
Updated packages in core/updates_testing:
----------------------------------------
libzip-0.11.2-1.mga4
libzip2-0.11.2-1.mga4
libzip-devel-0.11.2-1.mga4

from libzip-0.11.2-1.mga4.src.rpm

Comment 1 David Walser 2014-04-04 18:55:06 CEST
There's a simple PoC on Bug 13050:
<?php
$za = new ZipArchive();
$flags = ZIPARCHIVE::CREATE;
$result = $za->open("/tmp/test.zip", $flags);
var_dump($result);
$za->addEmptyDir('activities/');
?>

Save that in a file called ziptest.php, install php-zip and php-cli, and run it as "php ziptest.php"

It should segfault before the libzip update, and not segfault after it.

I've confirmed the PoC is fixed on Mageia 4 i586.

Comment 2 Shlomi Fish 2014-04-04 19:21:40 CEST
PoC is fixed on Mageia 4 x86-64 (in a VBox VM). It was broken before the upgrade.

Comment 3 David Walser 2014-04-04 19:29:26 CEST
Thanks Shlomi!  Since I've confirmed the fix on i586 with both Moodle and the script in Comment 1, this could be validated.

Comment 4 Shlomi Fish 2014-04-04 19:35:57 CEST
PoC exploit segfaults on a Mageia 4 i586 VM before the update and is fixed on it after the update. Marking as MGA4-32-OK.

Comment 5 Shlomi Fish 2014-04-04 19:36:43 CEST
Marking now.

Comment 6 claire robinson 2014-04-04 19:38:11 CEST
Advisory uploaded. Validating.

Could sysadmin please push to 4 updates?

Thanks!

Comment 7 Damien Lallement 2014-04-04 19:55:45 CEST
http://advisories.mageia.org/MGASA-2014-0164.html
