Solution
Please install the updated packages.
Insight
Multiple vulnerabilities have been found and corrected in libzip:
libzip (version <= 0.10) uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files (CVE-2012-1162).
libzip (version <= 0.10) has a numeric overflow condition, which, for example, results in improper restrictions of operations within the bounds of a memory buffer (e.g., allowing information leaks) (CVE-2012-1163).
The updated packages have been upgraded to the 0.10.1 version to correct these issues.
Affected
libzip on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1
Severity
Classification
CVE: CVE-2012-1162, CVE-2012-1163
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities