Mandriva Linux Security Advisory : libzip (MDVSA-2012:034)
High Nessus Plugin ID 58440
Synopsis: The remote Mandriva Linux host is missing one or more security updates.
Description: Multiple vulnerabilities have been found and corrected in libzip:
libzip (version <= 0.10) uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files (CVE-2012-1162).
libzip (version <= 0.10) has a numeric overflow condition, which, for example, results in improper restrictions of operations within the bounds of a memory buffer (e.g., allowing information leaks) (CVE-2012-1163).
The updated packages have been upgraded to the 0.10.1 version to correct these issues.
Solution: Update the affected packages.