Lucene search
Mandriva Update for libzip MDVSA-2012:034 (libzip)
ποΈΒ 03 Aug 2012Β 00:00:00Reported byΒ Copyright (C) 2012 Greenbone AGTypeΒ 
Β openvasπΒ plugins.openvas.orgπΒ 17Β Views
The remote host is missing an update for the 'libzip' package(s) announced via the referenced advisory. The updated packages have been upgraded to the 0.10.1 version to correct multiple vulnerabilities including heap overflow and numeric overflow conditions
Show more
| Reporter | Title | Published | Views | Family All 30 |
|---|---|---|---|---|
| Mandriva Update for libzip MDVSA-2012:034 (libzip) | 3 Aug 201200:00 | β | openvas |
| Gentoo Security Advisory GLSA 201203-23 (libzip) | 30 Apr 201200:00 | β | openvas |
| Gentoo Security Advisory GLSA 201203-23 (libzip) | 30 Apr 201200:00 | β | openvas |
| Fedora Update for libzip FEDORA-2012-4485 | 30 Aug 201200:00 | β | openvas |
| Fedora Update for libzip FEDORA-2012-4485 | 30 Aug 201200:00 | β | openvas |
 | GLSA-201203-23 : libzip: Multiple vulnerabilities | 21 Jun 201200:00 | β | nessus |
| openSUSE Security Update : libzip (openSUSE-SU-2012:0416-1) | 13 Jun 201400:00 | β | nessus |
| Mandriva Linux Security Advisory : libzip (MDVSA-2012:034) | 23 Mar 201200:00 | β | nessus |
| Fedora 17 : libzip-0.10.1-1.fc17 (2012-4485) | 12 Apr 201200:00 | β | nessus |
| Oracle Linux 8 : php:7.4 (ELSA-2023-2903) | 24 May 202300:00 | β | nessus |
10
| Source | Link |
|---|---|
| mandriva | www.mandriva.com/en/support/security/advisories/ |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:034");
script_oid("1.3.6.1.4.1.25623.1.0.831654");
script_version("2023-07-14T05:06:08+0000");
script_tag(name:"last_modification", value:"2023-07-14 05:06:08 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"creation_date", value:"2012-08-03 09:58:44 +0530 (Fri, 03 Aug 2012)");
script_cve_id("CVE-2012-1162", "CVE-2012-1163");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name:"MDVSA", value:"2012:034");
script_name("Mandriva Update for libzip MDVSA-2012:034 (libzip)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libzip'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release", re:"ssh/login/release=MNDK_(2011\.0|mes5\.2|2010\.1)");
script_tag(name:"affected", value:"libzip on Mandriva Linux 2011.0,
Mandriva Enterprise Server 5.2,
Mandriva Linux 2010.1");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"Multiple vulnerabilities has been found and corrected in libzip:
libzip (version <= 0.10) uses an incorrect loop construct, which can
result in a heap overflow on corrupted zip files (CVE-2012-1162).
libzip (version <= 0.10) has a numeric overflow condition, which,
for example, results in improper restrictions of operations within
the bounds of a memory buffer (e.g., allowing information leaks)
(CVE-2012-1163).
The updated packages have been upgraded to the 0.10.1 version to
correct these issues.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "MNDK_2011.0")
{
if ((res = isrpmvuln(pkg:"libzip", rpm:"libzip~0.10.1~0.1", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libzip2", rpm:"libzip2~0.10.1~0.1", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libzip-devel", rpm:"libzip-devel~0.10.1~0.1", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64zip2", rpm:"lib64zip2~0.10.1~0.1", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64zip-devel", rpm:"lib64zip-devel~0.10.1~0.1", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "MNDK_mes5.2")
{
if ((res = isrpmvuln(pkg:"libzip", rpm:"libzip~0.10.1~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libzip2", rpm:"libzip2~0.10.1~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libzip-devel", rpm:"libzip-devel~0.10.1~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64zip2", rpm:"lib64zip2~0.10.1~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64zip-devel", rpm:"lib64zip-devel~0.10.1~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"libzip", rpm:"libzip~0.10.1~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libzip2", rpm:"libzip2~0.10.1~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libzip-devel", rpm:"libzip-devel~0.10.1~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64zip2", rpm:"lib64zip2~0.10.1~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64zip-devel", rpm:"lib64zip-devel~0.10.1~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo03 Aug 2012 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS27.5
EPSS0.01971