zoo-2.10-1025.8 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10445-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z zoo-2.10-1025.8 on GA media These are all security issues fixed in the zoo-2.10-1025.8 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10445 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-0855/ SUSE CVE CVE-2006-0855 page https://www.suse.com/security/cve/CVE-2007-1669/ SUSE CVE CVE-2007-1669 page openSUSE Tumbleweed zoo-2.10-1025.8 zoo-2.10-1025.8 as a component of openSUSE Tumbleweed Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. CVE-2006-0855 openSUSE Tumbleweed:zoo-2.10-1025.8 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0855.html CVE-2006-0855 https://bugzilla.suse.com/153057 SUSE Bug 153057 zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. CVE-2007-1669 openSUSE Tumbleweed:zoo-2.10-1025.8 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-1669.html CVE-2007-1669 https://bugzilla.suse.com/271781 SUSE Bug 271781