Mandriva issued this advisory on May 24: http://lists.mandriva.com/security-announce/2011-05/msg00024.php
As php 5.3.8 is in testing maybe we don't need this one ? The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
CC: (none) => fundawang, pterjan
libzip is its own SRPM. PHP just uses that code. CVEs are like that sometimes, mentioning a program or something rather than the library that is the actual source of the problem.
just fixed and pushed in updates_testing
CC: (none) => dmorganecAssignee: bugsquad => qa-bugs
This is only used by libepub0 on my system, which is used by okular. Tested on i586 by opening a free epub book in okular. Looks good.
Also testing on i586. Used ziptorrent to convert an existing zip to ziptorrent format (see http://www.makelinux.net/man/3/Z/zip_set_archive_flag ), zipmerge to combine two zip files, and zipcmp to show the differences between two zip files. Still need x86-64 testing.
CC: (none) => davidwhodgins
(In reply to comment #4) > This is only used by libepub0 on my system, which is used by okular. Tested on > i586 by opening a free epub book in okular. Looks good. Testing complete the srpm libzip-0.9.3-3.1.mga1.src.rpm on Mageia release 1 (Official) for x86_64 ,works too when I open a free epub book files with Okular.
CC: (none) => geiger.david68210
Validating Advisory: ======================== Updated libzip packages fix security vulnerability: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421 http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2011:099 ======================== Updated packages in core/updates_testing: ======================== libzip-0.9.3-3.1.mga1 libzip-devel-0.9.3-3.1.mga1 libzip1-0.9.3-3.1.mga1 from libzip-0.9.3-3.1.mga1.src.rpm ======================== Could sysadmin please push from core/updates_testing to core/updates Thank you!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
update pushed
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED