MDKSA-2007:043 - Updated clamav packages address multiple issues
Package : clamav
Date : February 19, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors
under certain conditions, which allows remote attackers to cause a
denial of service (file descriptor consumption and failed scans) via
CAB archives with a cabinet header record length of zero, which causes
a function to return without closing a file descriptor. (CVE-2007-0897)

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV
before 0.90 allows remote attackers to overwrite arbitrary files via a
.. (dot dot) in the id MIME header parameter in a multi-part message.
(CVE-2007-0898)

The update to 0.90 addresses these issues.
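
The descriptor leak described for CVE-2007-0897, shown as an added illustration in C (not ClamAV's code): a parser that returns early on a zero record length without closing its file, beside a version where every path reaches one close(). The record struct, the function names and the temp-file path are constructed for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
struct rec_hdr { unsigned short length; };  /* constructed stand-in, not the real CAB layout */

/* Leaky shape: the zero-length check returns before close(). */
int scan_leaky(const char *path) {
    struct rec_hdr h;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (read(fd, &h, sizeof h) != (ssize_t)sizeof h) { close(fd); return -1; }
    if (h.length == 0) return -1;   /* descriptor is never closed */
    close(fd);
    return 0;
}

/* Fixed shape: every path after open() reaches the single close(). */
int scan_fixed(const char *path) {
    struct rec_hdr h;
    int rc = -1, fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (read(fd, &h, sizeof h) == (ssize_t)sizeof h && h.length != 0) rc = 0;
    close(fd);
    return rc;
}

/* Count descriptors currently open in this process (first 1024 slots). */
static int open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 1024; fd++) n += fcntl(fd, F_GETFD) != -1;
    return n;
}

/* Scan a zero-length record n times; return how many descriptors stayed open. */
int leaked_after(int (*scan)(const char *), int n) {
    char path[64];
    struct rec_hdr zero = { 0 };
    snprintf(path, sizeof path, "/tmp/rec_hdr_%ld", (long)getpid());
    int tfd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (tfd < 0) return -1;
    ssize_t w = write(tfd, &zero, sizeof zero);
    close(tfd);
    int before = open_fds();
    for (int i = 0; w == (ssize_t)sizeof zero && i < n; i++) scan(path);
    int leaked = open_fds() - before;
    unlink(path);
    return leaked;
}
int main(void) {
    return printf("leaky=%d fixed=%d\n", leaked_after(scan_leaky, 8), leaked_after(scan_fixed, 8)) < 0;
}
```

In a long-running scanning daemon each leaked descriptor persists until the process exits, so repeated malformed inputs eventually make open() fail for legitimate scans; watching the daemon's open-descriptor count is a direct way to spot this class of bug.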
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2007-0897
http://cve.mitre.org/cgi-bin/cvename.cg ... -2007-0898