MDVSA-2011:099 -- Mandriva libzipID: oval:org.secpod.oval:def:301026 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
A vulnerability has been identified and fixed in libzip: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service via an empty ZIP archive that is processed with a locateName or statName operation . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |