Slackware 10.2 SSA:2006-142-02 Critical Zoo Archiver Overflow Fix
slackware
May 22, 2006
New bin packages are available for Slackware 10.2 and -current to fix a security issue with the zoo archive program
Summary
Here are the details from the Slackware 10.2 ChangeLog: patches/packages/bin-10.2-i486-2_10.2.tgz: Upgraded to eject-2.1.4 to fix problems with 2.6 kernels (bugfix). Patched a security problem in zoo's fullpath() function that was reported by Jean-Sebastien Guay-Leroux. At first this didn't seem like much as zoo is old and hardly used, but there are virus scanning programs that scan zoo archives. It is a possible problem on any system running zoo like this in an automated way, and (of course) could also cause problems if a user were to open a malicious zoo archive manually. (though I'd be pretty suspicious if someone were to mail me anything using "zoo" in 2006...) (* Security fix *)
Topics Covered
Where Find New Packages
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bin-10.2-i486-2_10.2.tgz
Updated package for Slackware -current:
MD5 Signatures
Slackware 10.2 package:
0847080265c36315c106cdeaaa8be326 bin-10.2-i486-2_10.2.tgz
Slackware -current package:
615f7396cdf0762c92ba8d866d5625cf bin-11.0-i486-1.tgz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg bin-10.2-i486-2_10.2.tgz
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!