Mandriva Linux Security Advisory : libzip (MDVSA-2011:099)
Medium Nessus Plugin ID 54638
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been identified and fixed in libzip :
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (application crash) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation (CVE-2011-0421).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.